Feed aggregator

COLUMBUS, Ohio (WCMH) -- Just two days until No. 1 Ohio State and No. 2 Indiana clash for the Big Ten title. But two professors from the rival campuses are showing that when it comes to helping kids' eyesight, they're on the same team. Researchers at both universities are partnering on a first-of-its-kind national study [...]

COLUMBUS, Ohio (WCMH) -- The Public Utilities Commission of Ohio (PUCO) heard the public's opinions on a proposed rate hike by AEP Ohio Thursday night. In May, the energy company asked for a distribution base rate increase of 2.14% to help pay for things like power poles, lines and the salaries of line workers. But [...]

COLUMBUS, Ohio (WCMH) -- Nationwide Children's Hospital will get part of a $5 million grant aimed at improving the detection and treatment of childhood cancers. The hospital will test a new blood-based biopsy, meant to detect pediatric cancers earlier and monitor high-risk children without frequent and invasive procedures. Governor DeWine said children's medical research is [...]

COLUMBUS, Ohio (WCMH) -- As the holiday season begins, the Junior League of Columbus is preparing for its annual Holiday Tour of Homes, a fundraiser that allows visitors to walk through festively decorated houses in Upper Arlington and Marble Cliff. The event supports the organization’s community projects and this year, it carries new significance. In [...]

COLUMBUS, Ohio (WCMH) -- What was meant to be a final resting place for dozens of people in Southwest Columbus is no longer the case. “Why disturb the dead? I understand a lot of people may not understand, but it's not their family. This is our family,” said Columbus Resident Shana Edwards. Around 30 graves [...]

COLUMBUS, Ohio (WCMH) -- Sex abuse survivors of Ohio State University Dr. Richard Strauss on Thursday used protest signs and a silent vigil during a meeting of the OSU Board of Trustees to advance their demands for action. Their legal battle against the university is in its eighth year. Hundreds of survivors claim the university [...]

COLUMBUS, Ohio (WCMH) -- Governor Mike DeWine has vetoed a bill that would have allowed teenagers to work longer hours. Current child labor laws dictate that kids cannot work past 7 p.m. on school nights, but Senate Bill 50, sponsored by Sen. Tim Schaffer (R-Lancaster), would have allowed 14-and 15-year-olds to work until 9 p.m.  [...]

China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points.

Over the past week, thousands of domain names were registered for scam websites that purport to offer T-Mobile customers the opportunity to claim a large number of rewards points. The phishing domains are being promoted by scam messages sent via Apple’s iMessage service or the functionally equivalent RCS messaging service built into Google phones.

An instant message spoofing T-Mobile says the recipient is eligible to claim thousands of rewards points.

The website scanning service urlscan.io shows thousands of these phishing domains have been deployed in just the past few days alone. The phishing websites will only load if the recipient visits with a mobile device, and they ask for the visitor’s name, address, phone number and payment card data to claim the points.

A phishing website registered this week that spoofs T-Mobile.

If card data is submitted, the site will then prompt the user to share a one-time code sent via SMS by their financial institution. In reality, the bank is sending the code because the fraudsters have just attempted to enroll the victim’s phished card details in a mobile wallet from Apple or Google. If the victim also provides that one-time code, the phishers can then link the victim’s card to a mobile device that they physically control.

Pivoting off these T-Mobile phishing domains in urlscan.io reveals a similar scam targeting AT&T customers:

An SMS phishing or “smishing” website targeting AT&T users.

Ford Merrill works in security research at SecAlliance, a CSIS Security Group company. Merrill said multiple China-based cybercriminal groups that sell phishing-as-a-service platforms have been using the mobile points lure for some time, but the scam has only recently been pointed at consumers in the United States.

“These points redemption schemes have not been very popular in the U.S., but have been in other geographies like EU and Asia for a while now,” Merrill said.

A review of other domains flagged by urlscan.io as tied to this Chinese SMS phishing syndicate shows they are also spoofing U.S. state tax authorities, telling recipients they have an unclaimed tax refund. Again, the goal is to phish the user’s payment card information and one-time code.

A text message that spoofs the District of Columbia’s Office of Tax and Revenue.

CAVEAT EMPTOR

Many SMS phishing or “smishing” domains are quickly flagged by browser makers as malicious. But Merrill said one burgeoning area of growth for these phishing kits — fake e-commerce shops — can be far harder to spot because they do not call attention to themselves by spamming the entire world.

Merrill said the same Chinese phishing kits used to blast out package redelivery message scams are equipped with modules that make it simple to quickly deploy a fleet of fake but convincing e-commerce storefronts. Those phony stores are typically advertised on Google and Facebook, and consumers usually end up at them by searching online for deals on specific products.

A machine-translated screenshot of an ad from a China-based phishing group promoting their fake e-commerce shop templates.

With these fake e-commerce stores, the customer is supplying their payment card and personal information as part of the normal check-out process, which is then punctuated by a request for a one-time code sent by your financial institution. The fake shopping site claims the code is required by the user’s bank to verify the transaction, but it is sent to the user because the scammers immediately attempt to enroll the supplied card data in a mobile wallet.

According to Merrill, it is only during the check-out process that these fake shops will fetch the malicious code that gives them away as fraudulent, which tends to make it difficult to locate these stores simply by mass-scanning the web. Also, most customers who pay for products through these sites don’t realize they’ve been snookered until weeks later when the purchased item fails to arrive.

“The fake e-commerce sites are tough because a lot of them can fly under the radar,” Merrill said. “They can go months without being shut down, they’re hard to discover, and they generally don’t get flagged by safe browsing tools.”

Happily, reporting these SMS phishing lures and websites is one of the fastest ways to get them properly identified and shut down. Raymond Dijkxhoorn is the CEO and a founding member of SURBL, a widely-used blocklist that flags domains and IP addresses known to be used in unsolicited messages, phishing and malware distribution. SURBL has created a website called smishreport.com that asks users to forward a screenshot of any smishing message(s) received.

“If [a domain is] unlisted, we can find and add the new pattern and kill the rest” of the matching domains, Dijkxhoorn said. “Just make a screenshot and upload. The tool does the rest.”

The SMS phishing reporting site smishreport.com.

Merrill said the last few weeks of the calendar year typically see a big uptick in smishing — particularly package redelivery schemes that spoof the U.S. Postal Service or commercial shipping companies.

“Every holiday season there is an explosion in smishing activity,” he said. “Everyone is in a bigger hurry, frantically shopping online, paying less attention than they should, and they’re just in a better mindset to get phished.”

SHOP ONLINE LIKE A SECURITY PRO

As we can see, adopting a shopping strategy of simply buying from the online merchant with the lowest advertised prices can be a bit like playing Russian Roulette with your wallet. Even people who shop mainly at big-name online stores can get scammed if they’re not wary of too-good-to-be-true offers (think third-party sellers on these platforms).

If you don’t know much about the online merchant that has the item you wish to buy, take a few minutes to investigate its reputation. If you’re buying from an online store that is brand new, the risk that you will get scammed increases significantly. How do you know the lifespan of a site selling that must-have gadget at the lowest price? One easy way to get a quick idea is to run a basic WHOIS search on the site’s domain name. The more recent the site’s “created” date, the more likely it is a phantom store.

If you receive a message warning about a problem with an order or shipment, visit the e-commerce or shipping site directly, and avoid clicking on links or attachments — particularly missives that warn of some dire consequences unless you act quickly. Phishers and malware purveyors typically seize upon some kind of emergency to create a false alarm that often causes recipients to temporarily let their guard down.

But it’s not just outright scammers who can trip up your holiday shopping: Often times, items that are advertised at steeper discounts than other online stores make up for it by charging way more than normal for shipping and handling.

So be careful what you agree to: Check to make sure you know how long the item will take to be shipped, and that you understand the store’s return policies. Also, keep an eye out for hidden surcharges, and be wary of blithely clicking “ok” during the checkout process.

Most importantly, keep a close eye on your monthly statements. If I were a fraudster, I’d most definitely wait until the holidays to cram through a bunch of unauthorized charges on stolen cards, so that the bogus purchases would get buried amid a flurry of other legitimate transactions. That’s why it’s key to closely review your credit card bill and to quickly dispute any charges you didn’t authorize.

COLUMBUS, Ohio (WCMH) -- Local leaders are reacting to negative comments made by President Donald Trump about the Somali community. Some Somali Americans here in Central Ohio say they are now worried for their safety.  “It was like a punch in the gut, to be honest with you,” said Khalid Turaani, the Executive Director of [...]

COLUMBUS, Ohio (WCMH) -- The Democratic Republic of Congo is the second-largest country in Africa, with more than 100 million residents. It's also a country plagued by instability. In the 90s and early 2000s, the nation endured a brutal civil war. It led to millions of fatalities and thousands more people fleeing the country. John [...]

DELAWARE, Ohio (WCMH) -- A Delaware County judge accused of pressuring an attorney to have sex with him is being investigated over possible rape, according to a case report from the Delaware County Sheriff's Office. Common Pleas Judge James Schuck took a voluntary leave of absence last week after he was listed as a defendant [...]

COLUMBUS, Ohio (WCMH) -- Ohio State quarterback Julian Sayin is among multiple Ohio State offensive stars that will be taking home Big Ten awards. The conference announced the winners of its offensive awards on Thursday and the Buckeyes are taking home plenty of hardware. 2025 Big Ten offensive awards Several Buckeyes players were also named [...]

DUBLIN, Ohio (WCMH) -- Columbus-based Wood Companies has revised its plan for a walkable shopping area in Dublin, adding office space and making changes to improve walkability while keeping the project's village-style character. The development, to be located at West Bridge Street and Monterey Drive near Dublin Cemetery, was originally pitched in June as a [...]

COLUMBUS, Ohio (WCMH) -- An Ohio State professor is responding to declining public trust in academia with positivity, writing an article to uplift what is working in higher education. “One faculty member told me they read it that morning and they cried," said Ryan Skinner, director of OSU's Humanities Institute. "We so often do not [...]

COLUMBUS, Ohio (WCMH) - Meet Fig! She is available for adoption through the Franklin County Dog Shelter and Adoption Center. Fig is described as a sweet girl who loves people, is great with kids and enjoys being around other dogs. The shelter says she might be a little shy at first but will warm up [...]

COLUMBUS, Ohio (WCMH) — The second 12-team College Football Playoff bracket will be announced Sunday, and defending champion Ohio State is safely in the field as it prepares to play for the Big Ten championship. No. 1 Ohio State is also set to earn a bye into the quarterfinals, but its top seed is under [...]

Central Ohio is hosting a variety of festive events this December, including WinterFest, Holiday Pops, GalaxyCon, Winterfair Columbus, and more, offering something for everyone to enjoy.

COLUMBUS, Ohio (WCMH) – A recent study by Ohio State University researchers found that personalized algorithms, which are used by numerous social media platforms, lead to a distorted view of reality and overconfidence in false knowledge.  Giwon Bahg led the study as part of his doctoral dissertation in psychology at Ohio State. Psychology professors Brandon [...]

COLUMBUS, Ohio (WCMH) — A Dublin hardware store is picking up the pieces after a two-alarm fire raged through the building Tuesday evening. According to the Washington Township Fire Department, crews were called to the E&H Ace Hardware at the intersection of West Bridge Street and Frantz Road, where flames could be seen coming from [...]