Smishing Triad Targeted USPS and US Citizens for Data Theft
Cyber Security Threat Summary:
The "Smishing Triad" cybercriminal group, believed to be Chinese-speaking, has been targeting individuals worldwide through a package tracking text scam sent via iMessage. Impersonating various postal services and government agencies, including the Royal Mail, New Zealand Postal Service, Correos, Postnord, Poste Italiane, and the Italian Revenue Service, the group aims to collect personal and payment information for identity theft and credit card fraud. This form of phishing, known as smishing, uses deceptive text messages to lure victims into sharing sensitive data. Notably, the "Smishing Triad" primarily employs iMessage, with the campaign peaking in August. The group also attacks online shopping platforms, injects malicious code to intercept customer data, and offers customized "smishing kits" to other cybercriminals.
Security Officer Comments:
Attacks like the "Smishing Triad" package tracking text scam are convincing due to their clever impersonation of trusted organizations, the creation of urgency in their messages, and the use of official-looking formats. These tactics exploit victims' trust in the entities being impersonated and often catch them off guard, leading to the disclosure of personal and financial information. Additionally, the timing of these scams, targeting people during relevant events or seasons, and the use of trusted communication channels like iMessage further contribute to their effectiveness.
Suggested Correction(s):
Law enforcement agencies and industry collaboration are essential to combating such threats effectively.
Link(s):
https://securityaffairs.com/150335/cyber-crime/smishing-triad-targeted-us-citizens.html