
A Large-Scale Phishing Campaign Targeting U.S. Consumers with iMessage Scams



A sophisticated smishing campaign appears to be sweeping across the U.S., using compromised Apple iCloud accounts to send malicious iMessages. The culprits are a group of Chinese-speaking cyber criminals whose ultimate goal is identity theft and financial fraud. Resecurity, a reputable cybersecurity company, shed light on these operations in a recent study, identifying a scheme in which a deceptive package-tracking text is sent via iMessage. Unsuspecting victims are led to reveal their personally identifiable information (PII) along with their credit card details.


The criminal entity responsible for this widespread scam is the so-called Smishing Triad, known for offering fraud-as-a-service. The group provides a ready-made arsenal of smishing paraphernalia via Telegram, charging $200 a month. High-profile postal and delivery service providers in countries such as the U.S., U.K., Poland, Sweden, Italy, Indonesia, Malaysia, and Japan are meticulously impersonated in these scams.


The group uses stolen Apple iCloud accounts to send phony package delivery failure alerts, urging recipients to click a link that appears to let them rearrange delivery but actually leads to a fraudulent form asking for credit card details. When Resecurity looked deeper into the inner workings of the smishing kit, they uncovered an SQL injection vulnerability that exposed a staggering 108,044 records of victims' data.


This fraudulent methodology allows for double-dealing: the core Smishing Triad members can potentially gather the personal and financial data harvested by the clients who use their kit. Cybercriminals frequently employ similar tactics in password stealers and phishing kits to pocket extra profits or to indirectly audit the activity of their clients.


The Smishing Triad is a well-structured organization involving graphic designers, web developers, and marketers who are responsible for creating top-notch phishing kits, which are then promoted on dark web-based criminal forums. Interestingly, several Vietnamese members have been noted to collaborate with the main players in these operations. The Triad further partners with other groups involved in financial crime to enlarge their reach.


However, text scamming linked to package tracking is not the only area the Triad operates in. They are also reported to carry out Magecart-style attacks, contaminating online shopping sites using malicious code injections to snatch customer data.


Resecurity concludes that smishing continues to be a prominent and quickly advancing attack vector, preying on consumers across the globe. The Triad's tactics cleverly combine two time-tested methods: exploiting trust through social engineering and delivering a phishing kit via iMessage. This approach has claimed a great many victims, particularly because users place higher trust in SMS and iMessage channels than in email.


At Darksteel Technologies, we are an Orlando-based business that can handle all aspects of your IT security, providing compliance, training, malware protection, cloud security, DevSecOps, vulnerability management, penetration testing, architecture design, and any other information security requirement your business needs. We focus on your cybersecurity so you don't have to.
