Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Smishing Campaign. Show all posts

Smishing Surge: Tactics, Threats, and 'The Com'


Recently, what we are observed is that enterprises facing a persistent threat from social engineering tactics aimed at acquiring login credentials for crucial systems like Identity and Access Management (IAM), cloud resources, and Single Sign-On (SSO) platforms. Successful breaches through these entry points can lead to widespread access within an organization, paving the way for data theft and ransomware attacks. 

In 2024, there has been a notable surge in phishing attempts conducted over Short Message Service (SMS), commonly known as smishing. Attackers capitalize on the ease and directness of SMS communication to deceive targets into revealing sensitive information. 

Do You Know What Tactics Cybercriminals employ to steal sensitive data through smishing? Let's Understand 

First is Malware Distribution, through smishing, malicious attackers lure victims into clicking on URLs that lead to the download of malware, or malicious software, onto their devices. This malware often disguises itself as a legitimate application, deceiving users into inputting confidential information. Once installed, the malware can intercept and transmit this data to the cybercriminals, compromising the victim's security. 

Second is the Creation of Malicious Websites, another tactic that involves directing victims to fake websites via smishing messages. These malicious websites are meticulously crafted to resemble legitimate platforms, enticing users to enter sensitive personal information. Cybercriminals utilize these custom-made sites to harvest data, capitalizing on the trust users place in recognizable interfaces. 

Additionally, it often happens when a group of malicious actors or an attacker establish deceptive domains mimicking legitimate platforms, such as a company's HR system. This tactic adds an air of authenticity to their phishing attempts, increasing the likelihood of success. 

 Do We Know What Group is Behind This? Yes

The perpetrators behind these attacks are a diverse group of threat actors collectively known as "The Com" or "The Community." This is an umbrella term which involves a majority of attackers, primarily young, operating across Canada, the U.S., and the U.K. Additionally, the group engages in various cybercriminal activities, including SIM swapping, cryptocurrency theft, swatting, real-life violence commissioning, and corporate intrusions. 

Furthermore, "The Com" has been identified as the source behind several high-profile breaches in recent years. Moreover, this online community shares overlaps with other research clusters and intrusion groups like Scattered Spider, Muddled Libra, UNC3944, and Octo Tempest.

Smishing: SMS Phishing Attacks And How to Thwart Them

 

Smishing is a fast growing version of one of the most established and lucrative scams on the internet. Smishing, like other forms of phishing, aims to trick you into revealing sensitive data and information; however, instead of email, cybercriminals use text messaging or short message services (SMS) to interact with you. Smish attempts are frequently delivered as regular SMS to mobile phone subscribers, but they can also be sent via popular messaging apps. 

Smishing is a type of social engineering in which fraudsters exploit emotions such as fear, sympathy, curiosity, or greed to induce others to reveal personal or business information. They manage this by sending fake messages to your phone or other mobile device that appear to be from a trustworthy source, such as a delivery service, utility supplier, bank, or government agency.

The information they seek could include usernames, passwords, bank account numbers, credit card numbers, vendor names, and other confidential data. The data is subsequently sold on the dark web by cybercriminals, who can also employ it to steal identities, empty bank accounts, or reroute funds to themselves.

Smishing is more tempting to cybercriminals since users are more likely to trust texts over other kinds of communication. In fact, people respond to 45 percent of their texts, but only 6 percent of their emails receive a response. This is most likely due to years of email oversaturation; inboxes bombarded with promotional offers and spam have been trained users to be wary. 

Prevention tips

Here are five ways to prevent scammers from stealing private data: 

  • Never click on hyperlinks in texts from suspicious or unknown numbers. If the link is a brief, shortened URL, this is twice as true. Shorter URLs are frequently cited as a telltale sign that fraudsters are attempting to conceal obviously fake URLs in SMS messages. 
  • Be cautious; if you are persuaded to pay or disclose personal information, take a moment to confirm that the source is authentic and trustworthy. 
  • Never respond to texts from unknown or suspect numbers, especially if they ask you to do so. This notifies scammers that your phone number is active, and you may be added to spam lists and harassed further
  • To protect against malware concealed in smishing URLs, keep your phone's operating system up to date at all times.
  • Pay attention to telltale signs of social engineering, such as urgent messages or get-rich-quick schemes. If something appears to be too good to be true, it most likely is.

T-Mobile Users Targeted via New Smishing Campaign

 

Threat actors are targeting T-Mobile customers in an ongoing smishing campaign with malicious links using unblockable texts sent via SMS (Short Message Service) group messages. The New Jersey Cybersecurity & Communications Integration Cell (NJCCIC) issued a warning after multiple users have filed reports of being targeted by this new SMS phishing campaign. 

"The messages vary but typically thank the recipient for paying their bill and offer a gift. The messages include a link to accept the gift," according to the NJCCIC, which operates within the state's Office of Homeland Security and Preparedness and deals with these types of incidents. “These links may lead to malicious websites intending to steal account credentials or personal information, or install malware."

Earlier this year in In March, an identical series of smishing attacks also targeted Verizon Wireless and Spectrum users, mimicking the carriers in text messages spoofed to appear like they were sent from the target's phone number. 

The Federal Trade Commission also issued a warning to T-Mobile users to watch out for fraudsters sending them texts from their numbers. "They’ve changed (spoofed) the caller ID to look like they’re messaging you from your number, but the shock of getting a text from yourself is bound to get your attention — which is what they’re after," the FTC said. 

Cybercriminals using information from previous data breaches The NJCCIC believes that the smishing campaign was likely made possible due to previous data breaches affecting the mobile carrier and millions of its users. 

Since 2018, when info belonging to 3% of T-Mobile customers was stolen by hackers, T-Mobile has disclosed five other data breaches. In 2020, T-Mobile employees' email accounts were compromised, and phone numbers and call records were accessed by unauthorized third parties.

NJCCIC meanwhile is advising T-Mobile users targeted by smishing campaigns to contact directly to official websites and avoid clicking links delivered in SMS text messages from anonymous contacts and refrain from providing critical details to unauthorized websites.

Additionally, the firm recommended users to mute the text thread to stop getting alerts if anyone replies. They can delete the message thread, too, although that won't stop new texts from arriving.