SMS Phishers Pivot to Points, Taxes, Fake Retailers
Summary
SMS phishing groups originating from China are evolving their tactics to include fake e-commerce sites that harvest payment card data and convert it into Apple Pay and Google Pay wallets. These groups are also using SMS lures related to unclaimed tax refunds and mobile rewards points to further broaden their attack surface.
IFF Assessment
The evolution of phishing tactics to include fraudulent e-commerce sites and the exploitation of tax refunds and rewards points makes attacks more convincing and increases the potential victim pool.
Severity
Defender Context
Defenders should monitor SMS traffic for suspicious links and educate users about the evolving tactics of SMS phishing campaigns, particularly those involving e-commerce, tax refunds, and rewards programs. It is also important to raise user awareness on how to identify fake websites and report suspicious SMS messages to prevent further exploitation and data compromise. Trend analysis suggests phishing campaigns will likely become more targeted and personalized.