Analysis: SMS Phishers Pivot to Points, Taxes, Fake Retailers

China-based Phishing Groups Target North East India Shoppers

Holiday Shopping Season: A Golden Opportunity for Phishing Groups

As the holiday shopping season approaches, cybercriminals are stepping up their game with a new offering: phishing kits for creating fake e-commerce websites. These sites are designed to steal payment card data and convert it into mobile wallets from Apple and Google.

Experts have reported a surge in phishing attempts, particularly in the United States, with thousands of domain names registered for scam websites that promise rewards points for T-Mobile and AT&T customers.

While these scams have been popular in other geographies like the EU and Asia, they are now targeting consumers in the United States, including those in North East India. It is crucial for shoppers to be vigilant during this period.

Phishing Scams Masquerading as Tax Refunds and Mobile Rewards

In addition to the e-commerce scams, phishing groups are also using SMS lures that promise unclaimed tax refunds and mobile rewards points. These messages are often sent via Apple's iMessage service or Google's RCS messaging service.

If card data is submitted, the site will then prompt the user to share a one-time code sent via SMS by their financial institution. In reality, the bank is sending the code because the fraudsters have just attempted to enroll the victim's phished card details in a mobile wallet.

Phishing websites have been registered that spoof T-Mobile and AT&T, with similar scams targeting U.S. state tax authorities, telling recipients they have an unclaimed tax refund.

Implications for North East India and India as a Whole

As e-commerce continues to grow in popularity in India, including North East India, it is essential that consumers remain vigilant against these types of scams. The holiday season, in particular, can be a time when people are more likely to let their guard down and fall victim to phishing attempts.

It is also important to note that these phishing groups are based in China, which highlights the need for continued collaboration between India and China in the fight against cybercrime.

Staying Safe During the Holiday Shopping Season

To protect yourself from phishing scams during the holiday shopping season, it is crucial to be wary of unsolicited messages and to never click on links or attachments in these messages. If you receive a message warning about a problem with an order or shipment, visit the e-commerce or shipping site directly.

It is also important to investigate the reputation of any online merchant before making a purchase, particularly if the merchant is new or the price seems too good to be true. Be cautious of hidden surcharges and be sure to review your monthly statements carefully.

By taking these precautions, you can help ensure a safe and enjoyable holiday shopping season.

Reporting Phishing Scams

If you encounter a phishing scam, it is important to report it. SURBL, a widely-used blocklist that flags domains and IP addresses known to be used in unsolicited messages, phishing, and malware distribution, has created a website called smishreport.com that asks users to forward a screenshot of any smishing message(s) received.

By reporting these scams, you can help get them properly identified and shut down.