A sophisticated SMS phishing campaign, known as “smishing,” is sweeping across the United States, targeting unsuspecting individuals with fake toll and delivery notifications. At the heart of this operation is a Chinese-developed smishing kit created by a threat actor known as Wang Duo Yu. This kit has been instrumental in facilitating widespread fraud, affecting users in multiple states and countries.
The Toll Scam: A Nationwide Deception
Since October 2024, cybercriminals have been impersonating U.S. electronic toll collection systems like E-ZPass, sending fraudulent SMS messages and Apple iMessages to individuals in states including Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois, and Kansas. These messages claim the recipient has an unpaid toll, urging them to click on a link to resolve the issue.
Upon clicking, victims are directed to a fake E-ZPass page, where they are prompted to enter personal information and payment details. This data is then harvested by the attackers for financial theft.
The Delivery Deception: Failed Package Notifications
In addition to toll scams, the same smishing kits are used to send fake package delivery notifications. Victims receive messages claiming a package delivery failed due to incomplete address information, directing them to a fraudulent website to update their details and pay a small redelivery fee. This tactic has been employed globally, targeting postal services in over 121 countries.
The Smishing Kit: A Cybercriminal’s Toolkit
The smishing kit developed by Wang Duo Yu is a comprehensive tool that allows cybercriminals to easily create and manage phishing campaigns. It includes features like:
- Customizable Templates: Pre-designed phishing pages mimicking various services.
- CAPTCHA Challenges: Fake security measures to add legitimacy.
- Payment Processing: Forms to collect credit card information.
- Backdoor Access: A hidden feature that sends collected data back to the kit’s creator, enabling double theft.
These kits are sold on Telegram channels, with prices ranging from $20 to $50 depending on the features included, according to The Hacker News.
❓Why the “Reply ‘y’ to this message”
Ever wonder why they want you to reply to the SMS message? The answer is fairly simple: they need you to.
Apple restricts the sending of URLs in messages from unverified sources. There are two ways a sender gets verified:
- They are an established entity with Apple.
- You have exchanged communication with the sender.
Now, by replying to the sender with anything, you’ve validated them. That opens the door for them to send you a link to their website, which will steal your information. If you don’t reply to them, they are blocked from sending you the *really* bad stuff. 🙂 And unfortunately, replying “Please remove me” also validates them.
Also, a reply validates you as a sucker…er, active phone number and that isn’t good either. You will be on a target list and they know they only need to find the right angle to get you hooked.
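To make the lure patterns above concrete from the defender's side, here is a small heuristic scorer, added here as an illustration and not taken from the article or the kit it describes. It flags the indicators the campaigns rely on (toll or delivery lure, a link, a small fee, urgency wording, and the “reply Y” bait that triggers Apple's sender validation) over a few constructed sample messages; the phrase lists, threshold and sample texts are assumptions for the example, not real indicators.

```python
import re

# Indicator phrases modelled on the lures described in the article (constructed list).
TOLL_TERMS = ("unpaid toll", "toll balance", "toll violation", "e-zpass", "ezpass")
DELIVERY_TERMS = ("package", "parcel", "delivery failed", "incomplete address", "redelivery")
# "Reply Y" bait: the reply is what lets an unverified sender push a clickable link on iOS.
REPLY_BAIT = re.compile(r"\breply\s+(?:with\s+)?['\"“”]?y['\"“”]?\b", re.IGNORECASE)
URL_RE = re.compile(r"(?:https?://|www\.)\S+|\b[a-z0-9-]+\.(?:com|top|xyz|cc|vip)\b", re.IGNORECASE)
FEE_RE = re.compile(r"\$\s?\d+(?:\.\d{2})?")              # small "fee" or "balance" amounts
URGENCY_RE = re.compile(r"\b(?:immediately|within 24 hours|final notice|avoid (?:a )?penalty)\b")

def score_sms(text):
    """Return (score, reasons): one point per indicator family found in the message body."""
    t = text.lower()
    reasons = []
    if any(k in t for k in TOLL_TERMS):
        reasons.append("toll-lure")
    if any(k in t for k in DELIVERY_TERMS):
        reasons.append("delivery-lure")
    if REPLY_BAIT.search(text):
        reasons.append("reply-bait")
    if URL_RE.search(text):
        reasons.append("url")
    if FEE_RE.search(text):
        reasons.append("small-fee")
    if URGENCY_RE.search(t):
        reasons.append("urgency")
    return len(reasons), reasons

def classify(text, threshold=3):
    """Label a message; the threshold is an assumption chosen to keep single hits (e.g. a '$' amount) low-risk."""
    score, reasons = score_sms(text)
    return ("likely-smishing" if score >= threshold else "low-risk"), reasons

# Constructed sample messages (placeholder domains, not real infrastructure).
SAMPLES = [
    "E-ZPass: You have an unpaid toll balance of $6.99. To avoid a penalty of $50, pay at "
    "https://ezpass-toll-pay.example/ Reply Y and re-open this message to activate the link.",
    "Postal notice: your package could not be delivered due to incomplete address information. "
    "Update your details and pay the $1.25 redelivery fee at www.parcel-redeliver.example",
    "Hey, dinner at 7? Bring the $20 you owe me and reply when you land.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(classify(msg))
```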
Global Reach and Impact
The Smishing Triad, the cybercrime group utilizing these kits, has a vast infrastructure, with over 60,000 domains used to host phishing sites. They claim to have “300+ front desk staff worldwide” to support their operations, which include credential harvesting from banks and financial organizations in Australia and the Asia-Pacific region.
Protecting Yourself from Smishing Attacks
To safeguard against these scams:
- Think: Ask yourself if this really seems legit and if this is how they would send important information.
- Verify Messages: Contact the organization directly using official channels.
- Avoid Clicking Links: Do not click on links in unsolicited messages.
- Use Security Software: Keep your devices protected with up-to-date security solutions.
- Report Scams: Inform authorities about suspicious messages to help combat these threats.
Stay vigilant and informed to protect yourself from these evolving cyber threats.
