Cyber Security News

Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign

In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK.

These campaigns exploit toll payment services like FasTrak, E-ZPass, and I-Pass, and are expected to expand globally.

The Smishing Triad’s Modus Operandi

The group employs fraudulent text messages that appear to come from legitimate tolling agencies, demanding payment for supposed unpaid tolls or requesting sensitive information.

This tactic not only aims to extract money but also to steal personal and financial data for future victimization.

The campaign’s scale is vast, utilizing over 60,000 domain names, which complicates efforts by platforms like Apple and Android to block these fraudulent activities effectively.

Cybercriminals leverage underground bulk SMS services to send millions of malicious instant messages (IM) at scale.


These services allow attackers to modify the Sender ID (SID) to impersonate legitimate organizations, thereby increasing the likelihood of victims responding or clicking on fraudulent links.

For instance, sending 1,000 smishing messages to UK consumers costs around $8.00, highlighting the affordability and accessibility of these services for cybercriminals.

Oak Tel: A Key Player in Smishing Operations

Resecurity has identified an underground service named “Oak Tel,” also known as “Carrie SMS,” which is frequently used by the Smishing Triad and other cybercriminals.

The Catalyst of Global Smishing

This service supports the SIDs of numerous US-based financial institutions, enabling attackers to craft convincing smishing messages.

The service, hosted at oak-tel[.]com, provides a web panel for managing campaigns and tracking statistics, and even allows dynamic SMS content creation.

Mitigating smishing is challenging due to the impersonation of legitimate organizations through SID spoofing.

Consumers are advised to verify any toll-related claims through official websites, avoid clicking on links in unsolicited text messages, and report suspicious messages to authorities.

Additionally, enabling security features on smartphones, such as spam filters and message blocking, can help reduce the number of smishing attempts received.

Carriers and IM service providers are urged to enhance their spam protection mechanisms, learning from email spam protection strategies.

This includes implementing throttling, content monitoring, and improving IP and phone number reputation systems to increase the cost for threat actors and decrease the effectiveness of smishing campaigns.

The Smishing Triad’s activities underscore the need for heightened vigilance among consumers and more robust security measures from service providers to combat this growing threat.


Aman Mishra
