As many people know, phishing attacks target individuals with fake messages and login pages in an attempt to acquire legitimate login details from the victim. According to numerous employees at T-Mobile, a massive phishing attack was launched recently with the specific goal of acquiring secure login details.
Numerous employees have confirmed they’ve received a text like the one below. The text says that the employee’s “UNDesktop login is being deactivated” and that in order to maintain their login they need to visit a website to verify credentials.
UNDesktop appears to be an internal tool used to offer desktop applications via the web to T-Mobile employees. The first search result for “UNDesktop” is a link to T-Mobile’s very own instance of the software.
The domain included in the screenshot sent to us here at The T-Mo Report, which we have censored for security reasons, now appears to be non-functional. It was registered in Iceland on May 30th, the day the attacks started. A trusted source says that the attackers switch to a new domain once the one in use is disabled, and that they personally have seen 3 different domains in use.
It’s unclear if any logins have been compromised by the attack, but our source says the attack cast a pretty wide net. One employee we spoke to has received around 10+ phishing phone call attempts as well. It’s possible the attackers somehow acquired a list of employee phone numbers to use in the phishing attack, but that is speculation at this time.
Given the number of affected employees, it’s statistically likely that a few fell for the scam. T-Mobile is aware of the attack internally, however, so hopefully they’ve managed to mitigate the issue. It’s important to clarify that at this time there are absolutely no claims of customer information being breached. The only confirmed activity here is the phishing attack messages themselves. We’ll be sure to keep an eye on this story here at The T-Mo Report and will share more news as it comes.