"Early last year, Grant Smith received an alarmed message from his wife. She had gotten a text notification about a delayed package, clicked the link, and paid a fee. Then she realized that it was not, in fact, the United States Postal Service asking for her credit-card information-that she had no idea who had just collected her payment info. She quickly canceled the card."
"The Smiths had been smished. Short for "SMS phishing"-cyberattacks that arrive via text message- smishing refers to a particular type of spam message that you've probably received once or twice, if not dozens of times. They impersonate brands or federal agencies, such as Citigroup or USPS, in the hopes of getting people to hand over their personal information. Smith, it so happens, is a sort of hacker himself-he works in cybersecurity."
A smishing incident led a cybersecurity worker to discover vulnerabilities in a fake USPS site and access more than 400,000 stolen credit-card records. The attackers operate as a smishing triad, an organized-crime enterprise largely tied to China, which does not directly scam consumers but sells turnkey phishing kits. For roughly $200 per month, buyers can launch branded SMS-phishing campaigns without technical skills. These services impersonate banks and government agencies to harvest payment and personal data at scale, enabling extensive payment-card fraud and commercializing SMS-based cybercrime.
Read at The Atlantic
Unable to calculate read time
Collection
[
|
...
]