PUPpy Love: BT Billing SMiShing Scam


The Defence Works is continually watching out for scams that come in, both to our own network and the wider world. When we saw this text message in a tweet, we knew immediately that it was part of a SMiShing campaign.

Mobile phishing, or SMiShing, is a form of phishing in which fraudsters use text messages or messaging apps, like WhatsApp, instead of emails to trick users into clicking links or downloading mobile apps.

A Not So Cute PUP (Potentially Unwanted Program)

This week’s Breaking Scam is a mobile text message SMiShing campaign. The sender displayed as ‘BTMobile’. One of the issues with mobile texts that scammers exploit is the fact that a fraudster can configure the name of the sender to be anything they want. The ‘details’ in a text are minimal; you cannot confirm if the sender is legitimate or not.

The message itself was brief: a ‘billing issue’ meant that the recipient had to confirm their details.


This type of message is typical in a scam. It is meant to make the recipient worried enough to click a link.

Instead of clicking the link, we analysed the URL. It came back as containing a PUP or “Potentially Unwanted Program”. A PUP is not quite malware, but not far off. The software behind a PUP often requires consent to install and run. PUPs cross the fuzzy line between annoying marketing pop-up and privacy breach. A report by Symantec found that in 63% of cases, even consented PUPs leaked personal data from a mobile device to the person(s) behind the PUP.


To give you an idea of why software PUPs are not cute or cuddly, this is a list of what often occurs once a PUP is installed:

  • Slow performance (PC)
  • On a mobile device, an app may be installed that causes your battery to drain
  • Annoying pop-ups on your screen/in app
  • Browser homepage set to an unknown page
  • New toolbar items installed on your browser without your knowledge
  • Data leaks

We did not delve further into the URL, but it is likely that the page would have encouraged a PUP download in the form of a mobile app and may also have attempted to gather login credentials.


According to a survey from Cofense, the vast majority (74%) of phishing is an attempt to steal login credentials. There are two main things to remember when dealing with SMiShing (and email phishing):

  1. Do not click on links in text messages – navigate to the site directly or contact the legitimate company to double-check any concerns
  2. If you do click, DO NOT enter any login credentials. Only log in to online accounts by navigating directly to a company website

Why not help your colleagues stay safe and send them this little reminder? Feel free to edit or copy/paste the advice below:

BT Billing SMiShing Scam

If you receive an SMS text message from “BTMobile”, be very cautious. This is likely a SMiShing attempt. The message contains a malicious link that could steal login credentials and encourage a mobile app download. The app will likely be a Potentially Unwanted Program, or PUP. These apps can leak personal data and drain your mobile battery.


For more information on what to do if you receive a phishing email, check out “What to Do if You Click on a Phishing Link?”

Don’t forget to share this with your colleagues and friends and help them stay safe.

Let’s keep breaking scams!