Triad cleverly impersonates postal/delivery services like Royal Mail or USPS to trap unsuspecting US citizens in its newly detected smishing campaign.
Cybersecurity researchers at Resecurity have published an advisory about a newly discovered large-scale smishing campaign by the Chinese-speaking cybercrime group Smishing Triad, which targets US-based users by impersonating popular mail and delivery services.
According to Resecurity, Smishing Triad originates from China and uses smishing attacks as its primary attack vector. Researchers found that Smishing Triad has affiliations with several different cybercrime groups and that the group offers cybercrime-as-a-service infrastructure with its Smishing kit subscription starting at $200/month. Subscribers receive activation codes and deployment scripts with different frameworks.
“It is complicated to disrupt cyber-criminal activity committed by actors located in foreign jurisdictions like China without proper regulatory harmonization and mutual legal assistance abroad. Resecurity is thus sharing information about the ‘Smishing Triad’ with the cybersecurity community and general public to raise awareness to help organizations better safeguard their customers,” the advisory read.
In smishing (aka SMS phishing), scammers exploit SMS or text message features and services to trap unsuspecting users into revealing sensitive personal and financial details, including passwords, banking credentials, and debit/credit card numbers, or to lure them into downloading malicious software.
Threat actors mimic a credible government or private entity, for instance postal services, government institutions, or banks, to create a sense of legitimacy around these messages.
The group generally exploits the iMessage service to send package-tracking scams, and steals PII (personally identifiable information) and financial data (such as payment card details or banking credentials) to conduct credit card fraud and identity theft.
This time, Smishing Triad has changed its strategy slightly and exploits messages from compromised Apple iCloud accounts to trick users. Its smishing kit is also up for sale on Telegram IM groups to create an extensive and well-organized fraud-as-a-service network.
Resecurity's threat intelligence team accessed and reverse-engineered one such kit and discovered an SQL injection vulnerability through which they could retrieve sensitive data of more than 108,000 victims, whom they warned about the likelihood of identity theft.
In this campaign, Smishing Triad is targeting US citizens. The group impersonates most leading postal and delivery services to trick users, including the following:
- USPS
- Correos (Spain)
- New Zealand Post
- The Royal Mail (UK)
- Postnord (Sweden)
- Poczta Polska (Poland)
- J&T Express (Indonesia)
- New Zealand Postal Service (NZPOST)
- Poste Italiane and the Italian Revenue Service (Agenzia delle Entrate)
The victim receives a message from any of these services requesting additional information or payment of delivery fees through a credit card. After obtaining the desired information, the attackers can commit financial fraud.
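To illustrate the lure pattern described above from a defender's side, here is an added example (not code from Resecurity or Hackread) that scores constructed SMS texts on three indicators the advisory describes: a named postal brand, a request for a delivery fee or personal details, and a link whose domain does not belong to that brand. The brand allow-list and the sample messages are assumptions constructed for the example, and the domain extraction is deliberately naive.

```python
import re
from urllib.parse import urlparse

# Constructed allow-list for brands named in the advisory (assumption: a real
# deployment would maintain this from an authoritative source).
BRAND_DOMAINS = {
    "usps": {"usps.com"},
    "royal mail": {"royalmail.com"},
    "correos": {"correos.es"},
    "postnord": {"postnord.se"},
}
# Wording typical of the delivery-fee / "update your details" lure.
LURE_PATTERNS = [
    r"\bdelivery fee\b", r"\bredeliver", r"\bcustoms\b", r"\bpayment\b",
    r"\bupdate your (?:address|details|information)\b",
]
URL_RE = re.compile(r"https?://\S+", re.I)

def registrable_domain(url):
    """Naive last-two-label domain (no public-suffix handling, e.g. co.uk)."""
    host = (urlparse(url).hostname or "").lower()
    parts = host.split(".")
    return ".".join(parts[-2:]) if len(parts) >= 2 else host

def score_sms(text):
    """Return (score, reasons); each indicator adds one point."""
    t = text.lower()
    reasons = []
    brands = [b for b in BRAND_DOMAINS if b in t]
    if brands:
        reasons.append("names brand(s): " + ", ".join(brands))
    if any(re.search(p, t) for p in LURE_PATTERNS):
        reasons.append("requests fee or personal details")
    for url in URL_RE.findall(text):
        dom = registrable_domain(url)
        if brands and not any(dom in BRAND_DOMAINS[b] for b in brands):
            reasons.append(f"link to {dom}, not owned by the named brand")
    return len(reasons), reasons

def is_suspicious(text, threshold=3):
    return score_sms(text)[0] >= threshold

# Constructed sample messages (not real campaign texts).
SAMPLES = [
    "USPS: your package is on hold. Pay the $0.30 delivery fee at "
    "https://usps-redelivery.example/track to release it.",
    "Royal Mail: we could not deliver your parcel. Please update your "
    "address and pay the redelivery fee: https://royalmail.com/track",
    "Your table for 2 at 7pm is confirmed. Reply C to cancel.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(is_suspicious(msg), score_sms(msg)[1])
```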
In its earlier campaigns, the group targeted users from diverse regions such as the UK, Poland, Japan, Indonesia, Sweden, and Italy.
Protecting yourself from smishing (SMS phishing) is important for safeguarding your personal information and financial security. Here are five points to help you stay safe from smishing:
Additionally, keeping your phone’s operating system and apps up-to-date, using strong and unique passwords for your accounts, and enabling two-factor authentication wherever possible can further enhance your protection against smishing and other cyber threats.
Hackread.com is among the registered trademarks of Gray Dot Media Group Ltd. Company registration number 12903776 in regulation with the United Kingdom Companies House. The registered address is 85 Great Portland Street, London, England, W1W 7LT The display of third-party trademarks and trade names on the site do not necessarily indicate any affiliation or endorsement of Hackread.com. If you click an affiliate link and buy a product or service, we may be paid a fee by that merchant.