SMS Bombing: "Smishing Triad" attacks residents of Pakistan

Tomcat

Up to 100,000 fraudulent messages are sent out daily.

Pakistani bank users have become the target of a new phishing campaign by the Smishing Triad group. Cybercriminals send fake messages on behalf of Pakistan Post in an attempt to steal personal and financial information. Experts from Resecurity managed to detect this malicious activity.

Smishing itself is a combination of SMS messaging and phishing, used to trick victims into revealing sensitive data. In the case reviewed by the researchers, the attackers posed as Pakistan Post, using local phone numbers to create the illusion of authenticity, and demanded payment and credit card details to cover supposed additional delivery fees.

The Resecurity report mentions that the Smishing Triad has previously targeted online banking, e-commerce, and payment systems in the US, EU, UAE, and Saudi Arabia, and now targets Pakistan as well. The "Smishing Triad" tactic remains the same: they pose as a trusted organization, create a sense of urgency, and steal valuable information.

The group is based in China and uses smishing as its main attack method. In September 2023, it forged messages from leading postal and logistics services around the world, including USPS, Correos, New Zealand Post and Royal Mail. In December, it impersonated civil servants from the United Arab Emirates. This year, the group's activity started in May and peaked in June.

Messages are sent via iMessage and SMS, luring recipients with notices about undelivered packages from TCS, Leopard, FedEx and other courier companies, or about urgent problems with their accounts. Between 50,000 and 100,000 messages are sent every day, using stolen databases bought on the darknet that contain citizens' personal information, including phone numbers.

Reddit users who are customers of Pakistani mobile operators such as Jazz/Warid, Zong, Telenor Pakistan and Ufone have confirmed receiving similar phishing messages.

The most active smishing kits were hosted on "pk-post-goi.xyz" and "ep-gov-ppk.cyou", domains the attacker set up to imitate the Express Mail Track & Trace system.

Most of the domains were registered through the NameSilo service using anonymized registrant data and fake contact information; Resecurity was able to get them taken down.

The attackers also used URL shortening and QR code generation services to evade detection, including QR Code Generator, IS[.]GD, 2h[.]ae and Linkr[.]it.
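As an added defender-side example (not part of the original post or of Resecurity's report), here is a small Python screener that an operator's fraud team could run over SMS text to flag the indicators described above: the two hosting domains, the shortener services, and lookalike domains that carry postal or government vocabulary outside the official .gov.pk space. The allowlist entry "ep.gov.pk", the keyword lists and the sample messages are constructed assumptions for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators quoted in the Resecurity findings above (the defanged shortener
# names are refanged here so they can be compared against parsed hostnames).
CAMPAIGN_HOSTS = {"pk-post-goi.xyz", "ep-gov-ppk.cyou"}
SHORTENER_HOSTS = {"is.gd", "2h.ae", "linkr.it"}

# Assumption: a small allowlist of hosts the operator has verified as genuine.
# "ep.gov.pk" is an assumed entry; replace it with a vetted list before use.
KNOWN_GOOD_HOSTS = {"ep.gov.pk"}
OFFICIAL_SUFFIX = ".gov.pk"

# Tokens that, in a domain outside the official space, suggest impersonation
# of a postal or government service (assumed heuristic list).
BRAND_TOKENS = ("post", "gov", "track", "parcel", "ep")
URGENCY_WORDS = ("undelivered", "fee", "within 24", "redeliver", "suspended", "pay")

URL_RE = re.compile(r"""(?:https?://|www\.)[^\s<>"']+""", re.I)


def extract_hosts(text):
    """Return the lowercase hostnames of every URL found in the message."""
    hosts = []
    for raw in URL_RE.findall(text):
        url = raw if raw.lower().startswith("http") else "http://" + raw
        host = urlsplit(url).hostname
        if not host:
            continue
        host = host.lower().rstrip(".")
        if host.startswith("www."):
            host = host[4:]
        hosts.append(host)
    return hosts


def is_lookalike(host):
    """True when a non-official domain uses postal/government vocabulary."""
    if host in KNOWN_GOOD_HOSTS or host.endswith(OFFICIAL_SUFFIX):
        return False
    labels = host.replace("-", ".").split(".")
    return any(tok in labels for tok in BRAND_TOKENS)


def score_message(text):
    """List the reasons a message resembles this smishing campaign."""
    reasons = []
    for host in extract_hosts(text):
        if host in CAMPAIGN_HOSTS:
            reasons.append(f"known campaign host {host}")
        elif host in SHORTENER_HOSTS:
            reasons.append(f"url shortener {host}")
        elif is_lookalike(host):
            reasons.append(f"lookalike domain {host}")
    # Urgency/payment wording only counts once a link-based reason exists,
    # so a genuine delivery notice with a normal link is not flagged.
    if reasons:
        hits = [w for w in URGENCY_WORDS if w in text.lower()]
        if hits:
            reasons.append("urgency/payment wording: " + ", ".join(hits))
    return reasons


def classify(text):
    return "suspicious" if score_message(text) else "ok"


# Constructed sample messages modelled on the lures described in the post.
SAMPLE_MESSAGES = [
    "Pakistan Post: your parcel could not be delivered due to an unpaid fee. "
    "Confirm your address within 24 hours: https://pk-post-goi.xyz/track",
    "TCS: package waiting, update delivery details at www.is.gd/x1y2z3",
    "EP Track & Trace: redelivery required, pay fee at http://ep-gov-ppk.cyou",
    "Your item is in transit. Track it at https://ep.gov.pk/",
    "Running late, see you at the cafe at 5",
]

if __name__ == "__main__":
    for msg in SAMPLE_MESSAGES:
        print(classify(msg), "-", score_message(msg))
```

The screener deliberately treats urgency wording as corroboration rather than as a trigger on its own: a legitimate courier notice can also mention fees and deadlines, and the distinguishing signal in this campaign is where the link points, not the tone of the text.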

Pakistan's National Cyber Emergency Response Team (PKCERT) has issued an advisory urging citizens to take proactive measures to protect themselves from this type of fraud.

Telecommunications operators in Pakistan have also been warned about the need to improve their fraud detection systems and block malicious activity.

To protect against attacks, local residents are advised to be skeptical, ignore suspicious messages, avoid clicking on questionable links, use antivirus software, and report any fraud attempts to their mobile operator.