A new wave of fraudulent activity committed by the Chinese cybercriminal organization known as the “Smishing Triad” gang has been identified by security researchers. The group targets people by using fraudulent SMS messages that pretend to be from the USPS, FedEx and UPS.
Smishing Triad at Work
This gang sends an estimated 100,000 messages per day. It starts with a notification of extra fees required to deliver a package and they attempt to represent USPS, FedEx and UPS.
The Smishing Triad gang sends malicious links to victims’ mobile devices over SMS or iMessage. The gang uses URL-shortening services like Bit.ly to hide these linkages. The actual sender of the phishing messages is unknown and may possibly be using Caller ID or underground SMS spoofing services.
Potential victims are directed to a legitimate looking – but fake – website when they click on the malicious links where they can enter financial information to pay the additional shipping fee. Once they have your financial info, the criminals add your details to Apple Pay or Google Wallet accounts on “burner phones” and then go shopping on your dime. They also lease their malware as a subscription service to other cyber criminals.
Take Preventive actions
Stop and think: Don’t click links included in bogus messages or answer phone calls from numbers you don’t recognize.
Ignore the texts: Don’t respond to random texts, even if the message requests you “text STOP” to end future messages. This can alert a scammer you’re a real human, resulting in even more messages. Delete the text and report it as spam.
Keep Your Devices Updated: Keep your phone’s operating system and any security software you use updated to the latest version.
If you’re concerned that the message might be legitimate, go directly to the source for verification.
USPS: 1‑800‑ASK‑USPS (1‑800‑275‑8777)
FedEx: 1‑800‑GoFedEx (1‑800‑463‑3339)
UPS: 1‑800‑742‑5877
Wired article:
https://www.wired.com/story/usps-scam-text-smishing-triad
Bloomberg article:
https://www.bloomberg.com/news/newsletters/2024-08-21/chinese-phishing-crew-poses-as-delivery-services-to-steal-data?srnd=homepage-americas
Kim Komando:
https://www.komando.com/news/text-scam-chinese-phishing-crew-behind-fake-delivery-notifications/
For more than 20 years, David Snell’s Tech Talk has been a regular spot on The South Shore’s Morning News on 95.9 WATD fm. At 8:11, David chats with show host Rob Hakala about what’s happening in IT today. The subjects range from computer viruses, scams and cybercriminals to what Amazon, Apple or Microsoft are planning next.
He often shares new product information and reviews software that may help you, especially when there is a free version to try!
On this blog, he provides links, sources and other necessary information. And, on the Tuesday before Christmas, you can expect his annual NORAD Santa report!
If you have a question that you’d like him to answer on the show, please email him.