Renato Marinho detailed an unusual SMS phishing campaign that hit Brazilian users. All started with an SMS message supposedly sent from his bank asking him to update his registration data. The message aims to take the victim to a fake and very simplistic mobile version of a well-known bank website. It asks for the CPF (a kind of social security card number) and a password, as seen in Figure 2. The victims smartphone will prompt the user to select a picture from its library or take a new one which is exactly what the user is induced to do.”]
Source: https://securityaffairs.co/wordpress/61087/cyber-crime/sms-phishing-photograph-token-card.html