Tag: SMS fraud

  • China’s Smishing Triad Expands Phishing Tactics, Directly Targeting Banks

    A group of China-based cybercriminals known as the Smishing Triad is significantly ramping up its operations and now targets customers of major global financial institutions directly. Originally focused on impersonating toll road operators and shipping firms, the attackers use phishing sites to capture payment card data and then enroll the stolen cards in mobile wallets such as Apple Pay and Google Pay. Experts warn that the group is rapidly expanding both its phishing infrastructure and its support staff, raising concern about the growing scale of the threat.

    Recent reports indicate that most mobile users have by now encountered phishing messages mimicking notifications from the U.S. Postal Service (USPS) or claiming an unpaid toll fee. The links lead to websites that solicit payment information under the guise of a legitimate transaction. Once victims submit their card details, they are prompted for the one-time code their bank sends to authorize adding the card to a digital wallet; with that code, the fraudsters enroll the victim’s card in a wallet on a device they control. This feeds a secondary market in phones preloaded with stolen cards, sold in bulk and used for fraudulent e-commerce purchases.

    A report by Resecurity documented the Smishing Triad’s early emergence and sophistication. Its phishing messages are delivered over iMessage to Apple users and RCS to Android users, bypassing the carrier SMS network and its spam filtering and giving the campaigns a near-universal delivery rate.

    According to Prodaft, a Swiss threat intelligence firm, the operation has evolved into a loosely federated network of operators that includes groups such as Darcula and Lighthouse. The report describes the Smishing Triad as innovating in ways that let it reach a vast user base, and notes that these Chinese-speaking operations remain far less visible and less studied than their Russian-speaking counterparts. With phishing kits now impersonating Citigroup, PayPal, and banks across multiple regions, experts remain cautious about the implications for financial institutions worldwide.

    The rapid proliferation of phishing domains has reached approximately 25,000 active domains at any given time, predominantly hosted by Tencent and Alibaba. As the operators refine their methods, they pose a substantial challenge to financial institutions that have long relied on SMS one-time codes to verify transactions and card enrollments. Some institutions have begun moving to stronger methods, requiring customers to link cards to digital wallets from within the bank’s own mobile app rather than approving the enrollment with an SMS code.

  • Surge in Phishing Attacks Imitating E-ZPass and Toll Authorities

    An alarming rise in phishing attacks targeting toll payment systems such as E-ZPass is currently unfolding. Recipients have reported receiving numerous fraudulent SMS and iMessage texts that aim to deceive individuals into divulging sensitive personal and financial information.

    The phishing messages contain links that redirect unsuspecting victims to imitation websites masquerading as legitimate toll agency portals. These websites create a façade of authenticity and attempt to gather confidential information, including names, email addresses, and credit card details.

    This trend is part of a series of scams flagged previously; the FBI issued a warning about it in April 2024. Reports from BleepingComputer indicate a recent resurgence of the mobile phishing campaign, with messages arriving more frequently and increasingly circumventing common anti-spam filters.

    The textual content of these messages conveys urgency, often threatening penalties such as additional fees or license suspension if payment is not made immediately. BleepingComputer shared examples of the fraudulent messages, highlighting the pressures and false claims made to the victims.

    Apple’s iMessage protects users by rendering links in messages from unknown senders as plain, non-clickable text. Scammers bypass this by instructing recipients to reply to the message (for example, with “Y”) and then reopen it: replying marks the sender as known, so the links become tappable. Victims who then tap the link land on a phishing page that closely resembles the genuine toll payment interface.
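    The message traits described above (urgency, penalty threats, a payment link on a brand-lookalike domain, and a “reply Y” nudge to re-enable links) can be turned into a simple triage heuristic. The following is an added example written for this page, not code from BleepingComputer, Apple, or any toll authority; the sample messages are constructed, and the allowlist of legitimate hosts is a hypothetical stand-in for a list a real deployment would maintain from the agencies’ published domains.

```python
import re
from urllib.parse import urlparse

# Constructed sample messages (not real captures). They mirror the traits
# described in the text: urgency, penalty threats, a payment link, a "reply Y" nudge.
SAMPLES = [
    ("E-ZPass: you have an unpaid toll of $6.99. Pay by today to avoid a $50 late fee "
     "and license suspension: https://ezpass-paytoll.top/pay (Reply Y, then reopen this message)"),
    "USPS: your package is held at our facility, confirm your address within 24 hours: "
    "https://usps.com-trackingfee.cc/i",
    "Your E-ZPass statement is ready. Log in at https://www.e-zpassny.com to view it.",
    "Hey, are we still on for dinner at 7?",
]

# Hypothetical allowlist of legitimate toll/postal hosts (assumption for this example).
LEGIT_HOSTS = {"www.e-zpassny.com", "e-zpassny.com", "www.usps.com", "usps.com"}

# Brand tokens the lures impersonate; hyphens are stripped before matching so
# "e-zpass" and "ezpass" compare equal.
BRANDS = ("ezpass", "usps", "toll")

URGENCY = re.compile(r"\b(immediately|within 24 hours|by today|final notice|last warning)\b", re.I)
PENALTY = re.compile(r"\b(late fee|penalt(?:y|ies)|suspen(?:d|sion)|legal action)\b", re.I)
# "Reply Y" / "reply with yes" : the trick that turns iMessage links clickable again.
REPLY_NUDGE = re.compile(r"\breply\s+(?:with\s+)?['\"]?y(?:es)?['\"]?\b", re.I)
URL_RE = re.compile(r"https?://[^\s)\]]+", re.I)


def url_hosts(text):
    """Return the lowercase hostnames of every URL in the message."""
    hosts = []
    for url in URL_RE.findall(text):
        host = urlparse(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts


def brand_lookalike(host):
    """True when a host mentions a brand but is not one of its legitimate domains.
    Catches 'ezpass-paytoll.top' and 'usps.com-trackingfee.cc' (brand in the left
    labels, attacker-controlled registrable domain on the right)."""
    if host in LEGIT_HOSTS:
        return False
    return any(brand in host.replace("-", "") for brand in BRANDS)


def classify(text):
    """Return (verdict, reasons). A brand-lookalike URL alone is decisive;
    otherwise two or more pressure signals make it 'smishing', one is 'suspicious'."""
    reasons = []
    if any(brand_lookalike(h) for h in url_hosts(text)):
        reasons.append("brand-lookalike-url")
    if URGENCY.search(text):
        reasons.append("urgency")
    if PENALTY.search(text):
        reasons.append("penalty-threat")
    if REPLY_NUDGE.search(text):
        reasons.append("reply-to-enable-links")

    if "brand-lookalike-url" in reasons or len(reasons) >= 2:
        return "smishing", reasons
    if reasons:
        return "suspicious", reasons
    return "clean", reasons


if __name__ == "__main__":
    for msg in SAMPLES:
        verdict, reasons = classify(msg)
        print(f"{verdict:10s} {reasons} <- {msg[:60]}...")
```

    The allowlist check is what keeps the genuine E-ZPass statement notice from being flagged: the heuristic scores the domain, not the brand name, because the lures always carry the real brand in the text and in a subdomain or hyphenated label of a domain the agency does not own.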

    The scale of this attack is considerable, with some users reporting up to seven scam messages a day, leading to mounting frustration within communities like Reddit.

    While the senders have not been identified, recent intelligence points to phishing-as-a-service platforms such as Lucid as integral to these operations. Such platforms send their lures over iMessage and RCS rather than plain SMS, which lets them dispatch deceptive texts at scale while sidestepping carrier-level spam filtering.

    Authorities urge anyone who encounters these messages to block the numbers and report them accordingly while advising against any responses to such scams, which can lead recipients to be targeted again.

    In case of genuine payment concerns, users are encouraged to access their toll authority’s official website directly to verify any outstanding balances and should file any complaints via the IC3 portal.

  • Russian Authorities Arrest Suspects Behind Mamont Banking Trojan

    Russian authorities have arrested three individuals suspected of developing the Mamont malware, a recently identified banking trojan targeting Android devices. The arrests were made in the Saratov region, with the identities of the suspects remaining undisclosed. A video released by the Russian Ministry of Internal Affairs (MVD) shows the arrested individuals in handcuffs being escorted by police officers.

    According to the MVD, the arrested suspects are linked to over 300 cybercrime incidents, leading to the seizure of computers, storage devices, communication tools, and bank cards. The Mamont malware, which is typically delivered through Telegram channels, is disguised as legitimate mobile apps or video files, posing significant risks to victims.

    Once installed on a victim’s device, the malware enables criminals to transfer funds from the victim’s bank account via SMS banking services. The stolen money is directed to phone numbers and electronic wallets controlled by the culprits. Additionally, the malware can collect data about the infected device and exfiltrate messages regarding financial transactions to the attackers’ Telegram channel.

    In one scheme, Mamont operators set up fake online stores offering attractively priced products. After a victim places an order, the operators send a malicious file disguised as an order-tracking app through a private Telegram channel, misleading the victim into installing it. Separately, in response to the rise in SMS-based fraud, Russian lawmakers announced in February that they are drafting a bill to delay the delivery of SMS messages while the recipient is on a phone call.

    Authorities noted that criminals frequently impersonate law enforcement officers, the Russian postal service, hospitals, and other institutions to talk victims into reading out SMS codes during a call. The proposed legislation would hold SMS messages until the call has ended, so that a scammer on the line cannot prompt the victim to relay a code as it arrives.