SMS message saying bank details on the internet are malicious

SophosLabs has received a disturbing report from a UK Local Government customer which we feel need a wider audience.

People are receiving SMS messages saying that their bank details are on the internet. These text messages are 100% malicious in nature and users should not follow the links.

The report from the local government states:

The user received an SMS message to say that his bank account details had been posted on the Internet and gave him a URL to go to. He attempted to access the site using a library PC but failed and queried the librarian about the security on the PC who raised a support call with us.


The obfuscated script inserts an iframe which attempts to download malware which Sophos blocks.

I haven't seen details of a scam like this before and have looked for a site on which to report it without success. I'm assuming you'll know what to do with it.

So, what are we at SophosLabs doing about it?

  • Making the general public aware of this malicious attack
  • Adding detection and blocking for the malicious website
  • Making samples available for security professionals via the usual channels

SophosLabs will be publishing detection for the malicious website as Troj/Iframe-BS and the malware that Sophos already blocked was detected as Troj/PDFJs-B.