I regularly receive text messages claiming that some bank's security systems have detected unusual activity. These SMS messages are similar to phishing, except that they are spammed via cell phones. Below the text is a URL that looks like the bank's WWW domain name; however, looking carefully, you can see that it is only a subdomain prefix to another main domain, which has nothing in common with the bank. The messages ask me to log in and confirm my identity to avoid account suspension. All messages came from country code 7 and area code 495 (Russia, Moscow):
$ whois 33d-4-asd.com
Domain Name: 33D-4-ASD.COM
Registry Domain ID: 2498658866_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.eu
Registrar URL: http://www.openprovider.com
Updated Date: 2020-03-15T19:36:09Z
Creation Date: 2020-03-01T18:54:05Z
Registry Expiry Date: 2021-03-01T18:54:05Z
Registrar: Hosting Concepts B.V. d/b/a Openprovider
Registrar IANA ID: 1647
Registrar Abuse Contact Email: abuse@registrar.eu
Registrar Abuse Contact Phone: +31.104482297
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransfer$
Name Server: NS1.SUSPENDED-DOMAIN.COM
Name Server: NS2.SUSPENDED-DOMAIN.COM
DNSSEC: unsigned

$ whois prf-fd4-34.com
Domain Name: PRF-FD4-34.COM
Registry Domain ID: 2489018491_DOMAIN_COM-VRSN
Registrar WHOIS Server: whois.registrar.eu
Registrar URL: http://www.openprovider.com
Updated Date: 2020-02-20T00:53:18Z
Creation Date: 2020-02-05T21:13:59Z
Registry Expiry Date: 2021-02-05T21:13:59Z
Registrar: Hosting Concepts B.V. d/b/a Openprovider
Registrar IANA ID: 1647
Registrar Abuse Contact Email: abuse@registrar.eu
Registrar Abuse Contact Phone: +31.104482297
Domain Status: clientHold https://icann.org/epp#clientHold
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransfer$
Name Server: INA1.REGISTRAR.EU
Name Server: INA2.REGISTRAR.EU
Name Server: INA3.REGISTRAR.EU
Do not click on the links in such messages: rbc.com and scotiabank.ca are just subdomain prefixes to the domain names 33d-4-asd.com and prf-fd4-34.com, which were created to capture your bank credentials.
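The check described above can be automated by reading the hostname from the right and comparing only its registrable domain with the bank's. The following is an added example, not part of the original post: the sample hostnames are constructed from the names mentioned here, and the suffix set is a small stand-in (an assumption) for the full Public Suffix List.

```python
from urllib.parse import urlsplit

# Assumption: tiny stand-in for the Public Suffix List, enough for these samples.
PUBLIC_SUFFIXES = {"com", "ca", "co.uk"}
# Assumption: registrable domains of the banks the recipient really uses.
TRUSTED_DOMAINS = {"rbc.com", "scotiabank.ca"}


def host_of(url):
    """Lower-cased hostname of a link; SMS links often omit the scheme."""
    if "://" not in url:
        url = "//" + url
    return (urlsplit(url).hostname or "").rstrip(".")


def registrable_domain(url):
    """Public suffix plus one label to its left, or None if it cannot be found."""
    labels = host_of(url).split(".")
    # Smaller i means a longer candidate, so the longest suffix matches first.
    for i in range(len(labels)):
        if ".".join(labels[i:]) in PUBLIC_SUFFIXES:
            return ".".join(labels[i - 1:]) if i > 0 else None
    return None


def classify(url):
    """Return (verdict, registrable_domain) for a link taken from a message."""
    domain = registrable_domain(url)
    if domain in TRUSTED_DOMAINS:
        return "trusted", domain
    # A trusted name that appears only as a subdomain prefix is the lure.
    host = "." + host_of(url) + "."
    if any("." + t + "." in host for t in TRUSTED_DOMAINS):
        return "lookalike", domain
    return "unknown", domain


if __name__ == "__main__":
    # Constructed sample links; the paths are invented for illustration.
    for link in ("rbc.com.33d-4-asd.com/login",
                 "http://scotiabank.ca.prf-fd4-34.com/verify",
                 "https://www.rbc.com/"):
        print(link, "->", classify(link))
```

A verdict of "lookalike" means the bank's name is present in the link but the domain that actually receives the request belongs to someone else.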