
Ruining All My Branding
Cyber Security professional and actual detective. True crime blogger and kicker of @.

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. All of them say, “We will lock your device soon. Please clear your spam messages. Scan now” with a link to click, and let me tell you, DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see bottom of article). The URL is likely designed to deliver ransomware, credential phishing, malware, spyware or anything the scammer desires. Also of note, the most recent reports about this kind of text message (smishing) spam/scam…


US Pipeline Ransomware Attack

A map of major US Pipelines (source).

In what is described as the “largest successful cyber attack” on fuel infrastructure to date, Colonial Pipeline’s infrastructure was hit by a ransomware attack, which led to the pipeline ceasing operations. According to Colonial Pipeline, prices for gasoline will not be impacted unless the pipeline stays down, and according to other sources, this could be a matter of 4–5 days (1–3).

US Pipeline Cyber Attack

On Friday, May 7th, 2021, Colonial Fuel Pipeline reported during trading that they were having network issues, and two people had reported issues posting “refined product batches, updates or changes to batch deliveries” using the Colonial Pipeline website (likely…


Namecheap, a US-based domain registrar, is allowing scammers to infest their registrations using global infrastructure to attack Americans and Canadians with malware. When this is reported, Namecheap does nothing. Over the course of months, I have been researching a series of text message campaigns that originate from a US domain registrar that both refuses to act and refuses to acknowledge there is a problem, thus allowing cyber abuse, text message spam and smishing to go unchecked.

There is a Massive Spam Campaign out of Namecheap

Namecheap’s bulk update function [Edited for this article]

Namecheap protects the scammers in the name of profit. The hosting providers keep taking down their infrastructure when reported, but for the scammers, updating the DNS is as easy as selecting three menu items within Namecheap’s bulk update function.


A text message stating that a Stimulus check is coming, promising financial reward to click the URL. This is malicious code running on infrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’

[Name] we’ve been attempting to get your stimulus check to you but it’s being returned. Verify your informatiton here [URL]

Do not click the link, report the spam to 7726 (see below).

Yup, This is a Scam.

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “Hi it’s Nick from The Motorvehicle Dept. We just Issued a ruling that qualifies you to collect a Refund_Payment: [URL] Avg refund $900” with a link to click. DO NOT CLICK THE LINK…


A text message stating that the DMV is promising financial reward to click the URL. This is malicious code running on infrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’

Motorvehicle Dept. We just Issued a ruling that qualifies you to collect a Refund Payment: [URL]
Other varieties:
Motorvehicle Dept. We just Issued a ruling that qualifies you to collect a Refund Payment: [URL] Avg refund $900
or
Hi it's Nick from The Motorvehicle Dept. We just Issued a ruling that qualifies you to collect a Refund_Payment: [URL]. Avg refund $900

Do not click the link, report the spam to 7726 (see below).

Visually: The URL is not a Known Service

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “Hi it’s Nick from The Motorvehicle Dept. We…


A text message stating that your order has been delivered, promising more information by clicking the URL. This is malicious code running on infrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’

Your Order Was Delivered. Your Order: iPad Pro with Magic Keyboard — 256GB — Silver [URl]
“Your Order Was Delivered.  Your Order: iPad Pro with Magic Keyboard - 256GB - Silver [URl]”

Do not click the link, report the spam to 7726 (see below).

Apple Does not Endorse this.

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “Your Order Was Delivered. Your Order: iPad Pro with Magic Keyboard — 256GB — Silver [URL]” with a link to click. DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see below).
The URL…


A text message stating that your Walmart order is being delivered, and asks you to check the URL for delivery address. This is malicious code running on infrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’

“Walmart: Hi, [name]! Your parcel is on its way to you. Check your delivery address here. [URL]” (spam)
“Walmart: Hi, [name]!  Your parcel is on its way to you.  Check your delivery address here. [URL]”

Do not click the link, report the spam to 7726 (see below).

Walmart Does not Endorse this Message.

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “Walmart: Hi! Your parcel is on its way to you. Check your delivery address here. [URL]” with a link to click. DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see below).
The…


Hulu joins the wall of shame for not making it obvious how to actually delete an account, and with their docs leading you in the wrong direction, you are required to open up a “California Privacy” request in order to delete.

Hulu’s Documentation is Incomplete

There is no documentation on how to delete an account on Hulu’s website, only to delete a profile or cancel a subscription. They are not alone in this: Offerup, among many others, including Amazon, makes it harder to delete your data from their platform than to sign up. Many organizations offer a deactivate option, which is not the same as…


A text message stating that your clean DMV record has earned a reward, promising payment by clicking the URL. This is malicious code running on infrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’

“DMV Annoucement: Congrats on keeping your record clean. Claim $450 from us as your reward [URL]”
or
“DMV Annoucement: Congrats on keeping your record clean. Claim $350 from us as your reward [URL]”
or
“DMV Annoucement: Congrats on keeping your record clean. Claim $250 from us as your reward [URL]”

Do not click the link, report the spam to 7726 (see below).

DMV Depts Do Not Provide “Rewards” Based on Your Driving Record

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “DMV Annoucement: Congrats…


A text message stating that a stimulus check may be mailed to you, which only serves as a scam to get you to click the URL they have sent. This is malicious code running on infrastructure that spans the globe. It is a clever form of malware delivery that evades antivirus and other protections, and is geared to drop malware on your device undetected via a form of delivery called ‘gootloading.’

I have to put the caption below because Medium won’t let me put double spaces in this caption, and I want to accurately capture the text.
"Your  required: Stimulus Check of $1,689.34 may be pending to be mailed to you [URL]"

Stimulus Check Scams Are a Thing

I’ve been getting a series of spam text messages from various phone numbers, likely compromised devices, all of which seem to be from AT&T in origin. These text messages have various messages, this one in particular saying, “Your required: Stimulus Check of $1,689.34 may be pending to be mailed to you [URL]” with a link to click. DO NOT CLICK THE LINK and forward it to the SPAM number (7726, see below).

The URL is likely designed to deliver ransomware, credential phishing, malware, spyware or anything the…
