Resecurity, a cybersecurity firm, has recently uncovered a new smishing campaign targeting smartphone users in Pakistan. The group behind this campaign, known as the Smishing Triad, is notorious for its cybercriminal activities and has set its sights on stealing personal and financial information from unsuspecting victims.
According to a report by Resecurity, the Smishing Triad has a history of targeting online banking, e-commerce, and payment systems in regions such as the US, EU, UAE, and KSA. Now, they have expanded their operations to target users in Pakistan. The group’s tactics involve impersonating trusted entities, creating a sense of urgency, and ultimately tricking users into revealing valuable information.
The Smishing Triad originates from China and relies primarily on smishing, a combination of SMS and phishing, to lure victims into divulging sensitive data. In a previous incident in September 2023, the group was found impersonating leading mail and logistics delivery services from various countries.
In this current campaign targeting Pakistani users, the Smishing Triad is impersonating Pakistan Post, a trusted national institution, using local phone numbers to create a sense of authenticity. They send text messages demanding payment and credit card details to cover additional fees, exploiting the trust users have in the postal service. This campaign began in May and peaked in June 2024, with messages claiming to be from courier firms like TCS, Leopard, and FedEx, or addressing urgent account issues.
The group is sending around 50,000-100,000 messages daily to unsuspecting recipients, leveraging stolen databases from the Dark Web that contain citizens’ data, including phone numbers. Victims include customers of major mobile carriers in Pakistan, such as Jazz/Warid, Zong, Telenor Pakistan, and Ufone, who have taken to platforms like Reddit to report the deceptive messages they received.
To evade detection, the threat actors behind the campaign used URL shortening services and QR code generation to mask their malicious activities. The National Cyber Emergency Response Team of Pakistan (PKCERT) has issued a security advisory to alert citizens and telecom operators about the ongoing scam, urging them to take proactive measures to protect themselves.
To safeguard against smishing attacks, individuals are advised to be skeptical of text messages, avoid clicking on links from unknown sources, verify the legitimacy of messages, use security software on their devices, and report any suspicious activities to their mobile service provider.
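The traits this article attributes to the campaign (a postal or courier brand, a payment demand, a shortened link) can be combined into a simple triage score for reported SMS texts. The following is an added example, not code from Resecurity or PKCERT; the shortener list, the keyword pattern and the sample messages are constructed assumptions.

```python
import re
from urllib.parse import urlparse

# Brands the article names as impersonated in this campaign.
BRANDS = ("pakistan post", "tcs", "leopard", "fedex")
# Assumption: a few well-known public shorteners; the article does not say which were used.
SHORTENERS = {"bit.ly", "tinyurl.com", "t.co", "is.gd"}
# Assumption: payment and urgency wording modelled on the lures the article describes.
PRESSURE = re.compile(
    r"\b(fees?|pay(?:ment)?|credit card|card details|urgent(?:ly)?|suspended)\b", re.I)
URL = re.compile(r"https?://\S+", re.I)

def score_sms(text: str) -> tuple[int, list[str]]:
    """Return (score, reasons) for one SMS body; one point per signal present."""
    reasons = []
    lowered = text.lower()
    brands = [b for b in BRANDS if re.search(rf"\b{re.escape(b)}", lowered)]
    if brands:
        reasons.append("brand:" + ",".join(brands))
    # Normalise each link's host so "www.bit.ly" and "bit.ly." both match.
    hosts = [(urlparse(u).hostname or "").rstrip(".").removeprefix("www.")
             for u in URL.findall(text)]
    if any(h in SHORTENERS for h in hosts):
        reasons.append("shortened-link")
    if PRESSURE.search(text):
        reasons.append("payment-or-urgency")
    return len(reasons), reasons

def flagged(messages, threshold=2):
    """Return the messages that hit at least `threshold` signals."""
    return [m for m in messages if score_sms(m)[0] >= threshold]

# Constructed sample messages (not taken from the campaign).
SAMPLES = [
    "Pakistan Post: your parcel is on hold. Pay the redelivery fee at https://bit.ly/EXAMPLE1",
    "Your TCS parcel has been delivered. Thank you.",
    "Lunch photos: https://tinyurl.com/EXAMPLE2",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(score_sms(msg), "|", msg)
```

A brand mention or a shortened link alone scores 1 and is not flagged; the combination is what separates the lure from ordinary courier notifications.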
As the Smishing Triad continues to target unsuspecting users in Pakistan, it is crucial for individuals to remain vigilant and take necessary precautions to protect themselves from falling victim to these malicious attacks. With ongoing efforts from cybersecurity firms and authorities, raising awareness about these scams is essential to prevent further financial and personal data theft.
