Listen HERE
Security researchers have identified a new wave of fraudulent activity committed by the Chinese cybercriminal organization known as the “Smishing Triad” gang. The group targets people by using fraudulent SMS messages that pretend to be from the USPS, FedEx, and UPS.
Smishing Triad at Work
This gang sends an estimated 100,000 messages per day. It starts with a notification of extra fees required to deliver a package, and they attempt to represent USPS, FedEx, and UPS.
The Smishing Triad gang sends malicious links to victims’ mobile devices over SMS or iMessage and hides these linkages using URL-shortening services like Bit.ly. The actual sender of the phishing messages is unknown and may be using Caller ID or underground SMS spoofing services.
Potential victims are directed to a legitimate-looking – but fake – website when they click on the malicious links where they can enter financial information to pay the additional shipping fee. Once they have your financial info, the criminals add your details to Apple Pay or Google Wallet accounts on “burner phones” and then go shopping on your dime. They also lease their malware as a subscription service to other cybercriminals.
Take Preventive actions
Stop and think: Don’t click links included in bogus messages or answer phone calls from numbers you don’t recognize.
Ignore the texts: Don’t respond to random texts, even if the message requests you “text STOP” to end future messages. This can alert a scammer you’re a real human, resulting in even more messages. Delete the text and report it as spam.
Keep Your Devices Updated: Keep your phone’s operating system and any security software you use updated to the latest version.
If you’re concerned that the message might be legitimate, go directly to the source for verification.
USPS: 1‑800‑ASK‑USPS (1‑800‑275‑8777)
FedEx: 1‑800‑GoFedEx (1‑800‑463‑3339)
UPS: 1‑800‑742‑5877
Wired article:
https://www.wired.com/story/usps-scam-text-smishing-triad
Bloomberg article:
https://www.bloomberg.com/news/newsletters/2024-08-21/chinese-phishing-crew-poses-as-delivery-services-to-steal-data?srnd=homepage-americas
Kim Komando:
https://www.komando.com/news/text-scam-chinese-phishing-crew-behind-fake-delivery-notifications/
Deliver David's Tech Talk to my Inbox
We'll send David's weekly Tech Talk to your inbox - including the MP3 of the actual radio spot. You'll never miss a valuable tip again!
Contact Info:
David Snell,
ACTSmart IT
332 Main Street
Wareham, MA 02571
ACTSmartIT.com
David@ACTSmartIT.com –
855-WOW-Service ● 781-826-9665