Chinese hackers Smishing Triad carry out SMS robberies on behalf of American delivery services

Carding
Hackers have created an entire industry of turnkey fraud on Telegram.

Resecurity cybersecurity specialists warned of a large-scale smishing campaign targeting American delivery service customers. The campaign is being carried out by the Smishing Triad group.

The Smishing Triad is a new Chinese-language cybercrime group that specializes in smishing attacks aimed at harvesting victims' personal and financial information. The group primarily uses iMessage to send fraudulent messages imitating various email and financial services. Its victims have included citizens of the USA, Great Britain, Poland, Sweden, Italy, Indonesia, Japan and other countries. The group uses domains registered in various zones, including .top, .com, .me, .shop, .site and .cc.

The Smishing Triad also offers specialized smishing kits to other cybercriminals, which are sold through Telegram groups. Bundle subscriptions start at $200 per month with additional customer support on higher plans.

The Smishing Triad typically uses iMessage to send fraudulent package tracking messages and steal victims' Personally Identifiable Information (PII) and financial data (such as payment card information or bank details) for credit card fraud and identity theft.

In the discovered campaign, the Smishing Triad has changed its strategy slightly and is using messages from compromised Apple iCloud accounts to trick users. It was also revealed that the Smishing Triad smishing toolkit is being sold in Telegram groups, creating a vast and well-organized scam network.

The Smishing Triad Telegram channel sells smishing kits

Resecurity's threat intelligence team gained access to one of these kits and reverse-engineered it. The team discovered an SQL injection vulnerability in the kit that could allow attackers to obtain sensitive data on more than 108,000 users, and warned potential victims about the risk of identity theft.

The current campaign targets US citizens. Fraudsters are faking messages from leading delivery services, including:
  • USPS (USA);
  • Correos (Spain);
  • New Zealand Post (New Zealand);
  • Royal Mail (UK);
  • Postnord (Sweden);
  • Poczta Polska (Poland);
  • J&T Express (Indonesia);
  • Poste Italiane and Italian Tax Office (Agenzia delle Entrate).

The victim receives a message asking them to provide additional information or to pay a shipping fee by credit card. Once the attackers have obtained this data, they can use it to commit financial fraud.