Chinese threat operation Smishing Triad has been ramping up smishing campaigns involving the spoofing of U.S. and UK toll service providers during the first three months of the year, according to Infosecurity Magazine.Tolling agencies E-ZPass, FasTrak, and I-Pass have been impersonated by attackers in fraudulent text alerts alleging unpaid bills, which include links redirecting to phishing sites that sought credit card details, login credentials, and other sensitive information, a report from Resecurity showed. Aside from leveraging more than 60,000 domains, most of which are managed by Hong Kong-based Elegant Leader Limited, such attacks also involved the exploitation of the Oak Tel service, also known as Carrie SMS, which not only allowed campaign management and sender name spoofing but also smishing attempt automation and data uploads, said Resecurity researchers, who urged the implementation of stronger smishing protections across instant messaging platforms. "Incorporating best practices and adapting them to the unique aspects of IM messaging can significantly increase the cost to the threat actors while decreasing the scale, effectiveness and conversion rates of attacks that utilize IM services as a key component," said Resecurity.
Generative artificial intelligence has been added to the Darcula phishing-as-a-service toolkit to enable the creation of phishing forms in several languages just months after the PhaaS platform was updated to facilitate website cloning without much difficulty, The Hacker News reports.
