Chinese phishing groups are now sending scam SMS messages about unclaimed tax refunds and rewards points, aiming to steal payment card data. They create fake e-commerce sites that look legitimate, making it difficult for consumers to spot the fraud until it's too late. Experts warn that this increase in scams often coincides with the holiday shopping rush.

Google is suing over 25 individuals linked to Lighthouse, a phishing service that enables scammers to impersonate trusted brands and steal payment card data via text messages. The suit aims to disrupt a network known for targeting over a million victims worldwide, using sophisticated tactics to enroll stolen card information into mobile wallets.

Verizon's report emphasizes a significant oversight in mobile cybersecurity, revealing that organizations often neglect mobile security despite the rise of smishing attacks. With a high percentage of employees falling victim to these attacks, the report calls for better security practices and awareness to mitigate risks associated with personal mobile devices.

China-based SMS phishing groups, known as the "Smishing Triad," are increasingly targeting customers of international financial institutions by converting stolen payment card data into mobile wallets. Utilizing innovative phishing techniques and a vast cybercrime infrastructure, these groups are bypassing traditional SMS methods by sending messages through iMessage and RCS, achieving high delivery rates and expanding their operations globally. Experts emphasize the need for financial institutions to adopt more secure methods for verifying card enrollments to combat this rising threat.

Scammers are exploiting unsecured cellular routers from Milesight IoT to launch SMS phishing campaigns, known as smishing, that have been active since October 2023. Researchers found over 18,000 routers exposed online, with many allowing unauthorized access and running outdated firmware, making them an effective tool for decentralized phishing efforts targeting users in multiple countries.

Authorities are cautioning the public about SMS "blaster" scams that facilitate the sending of fraudulent texts without needing personal phone numbers. A recent case involved a man jailed for over a year for using such a device to send messages impersonating trusted organizations, highlighting the growing threat of smishing attacks.

New Yorkers are being targeted by a smishing campaign posing as the Department of Taxation and Finance, claiming to offer "Inflation Refunds" to steal personal and financial information. The state warns that eligible residents do not need to provide any information to receive their refunds, and any unsolicited requests for personal data via text or email are fraudulent. Governor Kathy Hochul emphasizes the importance of vigilance against such scams and encourages reporting to protect oneself.

A significant smishing campaign attributed to a Chinese-speaking threat actor, known as the Smishing Triad, has exploited over 194,000 domains to gather sensitive information, including Social Security numbers. The campaign impersonates various services, targeting users worldwide, and employs a decentralized approach to evade detection.

Silent smishing exploits vulnerable cellular router APIs to conduct phishing attacks via SMS, allowing attackers to access sensitive information without authentication. The article discusses various attack methods, including the impersonation of legitimate organizations, and emphasizes the need for vigilance against such threats.