5198, compromised ?

dougc
Great Citizen / Super Citoyen

So chkd, and the latest query about this number was early Sept.

 

I see that it is a common number used by Pub'Mob', as I thought it was.

 

Anyone else receive odd acting (presumed) texts from this number the last 48 hrs ?

 

 

Back story;

_ Anyways, yesterday (Oct 2nd) I received 2 presumed texts from this number within half an hour. Presuming it was just monthly notifications, I did not bother to review right then. When I did, there was some avatar (same on both), then the first couple of words.

 

I clicked on it as per norm' to view the full text and instead 'Downloading' popped up . . which is freaky to see these days when unsolicited! It only took a couple of seconds for it to complete or attempt. I then deleted.

 

I tried the other one,  and it did the same. 

 

_ This a.m. another 519-8 arrived previous to 5 !! It also had an odd avatar but different, and at least one of the words was "Dr ". Since I had figured out how to access the listing of texts from another direction allowing deletion without reading, I went that route instead.

 

 

Were these legit (unsolicited) downloading by Pub'Mob ? 

Or is the number being used by the spoof  community ?

 

Thanks for your time !

18 REPLIES

Korth
Mayor / Maire

@dougc 

 

The automatic downloading is MMS attachments (images). At the worst extreme these pictures could depict offensive things and occupy some memory/storage space on your phone (until you delete them) - but they can't contain any executable code/script and they can't self-install anything. Standard MMS protocols can only contain image data with certain recognized and supported formats, within certain size limits. Nonstandard MMS protocols with extended functionality require special SMS/MMS software (like iMessage, RCS, etc).

 

The SMS/MMS app (software) built into your phone might allow user control over MMS download actions, though you might have to dig around to find the settings.

But it also might not allow any user control at all. Which simply means you select a better SMS/MMS app to install from the vast offerings of the internet (a non-issue on Android devices, but possibly problematic on flip-phones which run simpler embedded operating systems).

 

Another option is to turn off your cellular data. MMS attachments are always sent across cellular data (and are never sent across WiFi data) so no cellular data means no possibility of unprompted MMS downloads. Each one is incidentally logged on your Self-Serve usage as an "MMS Event" which consumes 0.000MB of your provisioned data - they are truly free and unlimited at Public Mobile - so no need to worry about unwanted spam burning through your wallet.

 

Another option is to disable MMS in your APN settings. Change MMSC and MMSC Proxy to blank entries, change APN Type from "default,mms" to "default". Although this will disable all MMS messages, even legit ones, so you'd have to restore these fields to Public Mobile APN settings whenever you want to actually use MMS.

dougc
Great Citizen / Super Citoyen

Marked previous post  as  solution.

 

 

Also received a couple more of these texts on Oct 5th & 6. 

But on a basic flip phone known not to open this type of text fully,  so did not try to read  🙂  

 

Take care !

 

D'

As a Telus home internet customer I believe I have received similar emails from them as well and see nothing to be suspicious of. 

 

AE_Collector

It's easy enough to ask on-shift @CS_Agent to officially confirm/deny whether this 5198 message was actually sent by PM (while properly displaying their PM credentials). Since so many people seem to be suspicious of it.

 

I see @David_J online right now.

Anonymous
Not applicable

 @Liz_W 

You don't look like an employee to me. You don't have a blue MOD or dark PM icon next to your username.

 

Edit: @Liz_W  There you go. Welcome to Public Mobile. Thanks for the official confirmation.

Liz_W
Public Mobile

@dougc , thank you for reaching out with this. 

 

I work on the Public team. I can confirm this is a legitimate message. We wanted to extend a free health care service to our base customers in ON, BC, AB & SK. The download link is not a virus and will take you to the app store to download the Babylon by TELUS Health app.

 

Thank you!

Liz W

Korth
Mayor / Maire

I just assumed it was paid advertisement. Telus has bills to pay, too.

 

The number looked legit to me. The web address looked legit to me. The thing being offered does not at all interest me. So I didn't bother looking deeper to confirm authenticity.

 

I thought about UNSUBSCRIBE but decided against it since I don't want to miss out on any gifts or promos PM might offer me in the future. But I will unsubscribe or start blocking numbers if they send me enough unsolicited garbage to cause annoyance.

 

PM has used many numbers for SMS notifications - and probably hasn't used many more numbers, assuming they can use the whole 51XX number block. But maybe 5198 falls outside of PM/Telus and is owned by someone else?

 

I've only seen one MMS from PM ("More the Merrier" xmas gifts from 5169). It was sent at least four times to one of my numbers, twice within a few minutes, then again the next day, and again the next day ... until I finally clicked the last one to download the attached image. Maybe 5198 will do the same thing - keep repeating until it gets a download delivery receipt or it's withdrawn by the sender.

dougc
Great Citizen / Super Citoyen

Ahhh received another from 519-8,  40 minutes ago which looks to be same as one received yesterday.

 

Checked it via the alternate text log option.

The avatar again was a closed envelope and small square next to the lead text,   "See a doctor-ev...".

 

Did not clik to view,  just  chose the delete option. 

 

So if it is a legit TelusCorp.  advert'  it is now ignored w/o trying to open.

And if 519-8 has been compromised  will not allow those freaky downloading attempts.

 

Chkd download log and it was empty.

 

Either way (from sender ?) it amounts to so far 4 questionable (5198) texts in less than 60 hrs. Almost as annoying as that wave of "bitcoin.....", a couple wks ago targeting an email address. Which I tagged and deleted, as soon as I saw that word in the alleged email addy.

 

 

Be-A-Ware,   and take care.

 

D'

 

p.s. Since not likely to hear from Telus Corp. if all 4 --- 5198 texts (as of this moment) were from them,   or if 5198 has actually been compromised.   So selected this post as solution !

Okay, now that I see what you are talking about.... I don't think there is anything particularly improper about it. I guess it is debatable that it is advertising, but I think, or at least assumed, it is a Covid-related offer from Telus and their extensive health care side. So yes, advertising a product available that has no cost to the user so people know of its availability. With PM being a member of the “Telus Family” you have access to this service, is how I see it. Not quite the same as all the email I have recently been getting congratulating me for winning something at “Drug Mart”, all made up to look like a Shoppers Drug Mart advertisement, or from Air Canada or from H0me Depot etc.

 

AE_Collector

will13am
Oracle

This is a spam ad from Telus Babylon. Normally, I have pretty thick skin with ads because I use ad-blockers, spam filters, etc. to limit this stuff. However, with Public Mobile, unsubscribing from this means unsubscribing from everything, including useful notifications. I think that is a sneaky way of force-feeding their customers ads that are potentially unwanted. Totally shameful. Public Mobile needs to allow customers to unsubscribe from ads and not affect other notifications.

Anonymous
Not applicable

 @dougc 

As far as I can see, this came in as an MMS. There was an image so it became an MMS. Usually you would be notified of the presence of an MMS. Then you would need to turn on cell data and then touch it for it to download. Then you would see the image and in this case the link.

If you got an MMS from an unknown source like from a 10 digit number then certainly be wary.

@dougc your phone doesn't auto retrieve otherwise you wouldn't need to click on anything to download.

 

The good thing about being hacked on Android is you will be able to see the apps that were installed and uninstall them. It's not like a personal computer where "DLL" files and Windows system files can be installed with Trojans/viruses.

dougc
Great Citizen / Super Citoyen

" . . . Don't click on links! Even from a presumably trusted source. . . . "

 

Presume this was for everyone as a reminder.

 

 

Personally I never do click on unsanctioned links. 

In this case I had just clikd on the notification to try and see the 'body' of the text.

 

If all three were legit from Telus Corp., the first 2 obviously tried to open to show the text and graphics as sampled above, but landing on an aged flip phone it failed, and was just successful in freakin' me out 😉

 

D' 

Anonymous
Not applicable

I got one as well. Don't click on links! Even from a presumably trusted source. Unless you're interested in the content.

iirc these short codes can't be spoofed but I could easily be wrong.

JoyLuck
Mayor / Maire

@dougc 

 

I also received one on Friday. Here it is.

 

CB73BC03-8EE7-48C9-8599-AFC2461E80E4.png

 

 

dougc
Great Citizen / Super Citoyen

So Telus Corp. (if it is you)    please fix the coding, 

and do not automatically attempt to download anything !  

 

Within the text at the very least have a Y or N  !!

 

D'

 

p.s.

I'm one of those that is still using an aged flip-phone, which I will have to chk in utilities/settings, as I'm unaware of a 'disable auto-retrieve MMS' option. And also make time to chk for a download log.

 

 

 

kselmak
Mayor / Maire

Actually I searched my extensive history on my current device and didn't find any communication with such number

I'll also check one of my old devices tomorrow and will report back

gpixel
Mayor / Maire

@dougc Yeah, I received that a few days ago. It's for an app for virtual doctor or something. It starts with "since public mobile is part of the Telus family" etc.

Either way, it's best to keep auto retrieve MMS off to avoid being exploited.

 

https://www.google.com/amp/s/www.kaspersky.com/blog/critical-android-mms-vulnerability/9471/amp/

 
