Showing posts from July, 2023

Investigating SMS phishing text messages from scratch

Online and at conferences, people ask me how to get started in threat intel. What I usually offer as advice to budding analysts starting out is to practise analysing things in the wild. And by 'analysing things in the wild' I mean looking for live reports of cybercriminal activity by others online. One of my favourite examples is SMS phishing text messages, also called Smishing scams.  It is a commonly held view that new analysts learn best by doing. It also does not matter if you are not the first to report on something. New analysts should not worry about that, as long as they do a bit of OSINT at least to confirm they do not accidentally say they are the first and only researcher to find whatever it is they found.  In my experience, there are always organizations and teams with more experience and telemetry than you. It's just that they did not report on it publicly (yet). This goes for even the top research teams at incident response or antivirus companies. Not "be