Known in cybercrime circles as SMS Bandits, the phishing campaign involved scammers sending fake SMS messages in bulk via fake organizations such as PayPal, telecommunications providers, tax collection agencies, and organizations involved in anti-tax relief efforts. COVID-19 pandemic.
SMS Bandits also provided their own bulletproof hosting service advertised as a free speech support platform where customers could host any content without restrictions. Invariably, that content was sites designed to impersonate the credentials of users of various online services.
This OTP agency advertises a service designed to help intercept the one-time passwords required to log into multiple websites. The customer enters the target’s phone number and name, and the OTP Agency will initiate an automated phone call to the target that alerts them to unauthorized activity on their account.
By sending fraudulent SMS by the millions, SMS Bandits operators gained access to the account credentials of several popular websites that they sold in the dark web marketplaces they controlled. The operators of the fraudulent service also used other pseudonyms such as Bamit9, Gmuni and Uncle Munis in dark web forums.
Sasha Angus, a partner at the cyber intelligence firm, said the phishing messages sent by SMS Bandits were free of grammatical and spelling errors, making it difficult for people to identify them as fake or fraudulent.
It is understood that the man behind this campaign was arrested but the problem is that although the suspect behind SMS Bandits has been arrested, Smishing is here to stay and will only increase in frequency and sophistication over time with the advancement of technology. with which we must look for better forms of protection.
Related topics:
Be very careful with SMS frauds & scams
Where do the most cyberattacks come from?
[…] read:Fraudulent campaigns called SMS BanditsSmishing , Beware of fake […]