< ciso brief />

All news with #smishing tag

24 articles

Canada Arrests Three Over SMS Blaster Phishing Device

📱 Canadian police arrested three men for operating an SMS blaster in Toronto that impersonates cellular towers to push phishing texts to nearby phones. Investigators said Project Lighthouse began in November 2025; searches on March 31 in Markham and Hamilton recovered multiple devices. Authorities estimate about 13 million instances of network entrapment and warn SMS is insecure, advising users to avoid following text links and use encrypted channels for sensitive communications.

Traffic violation phishing texts switch to QR codes

🚨 Scammers are sending fake "Notice of Default" traffic violation texts impersonating state courts and urging recipients to scan an embedded QR code to pay a $6.99 balance. Scanning the code leads to an intermediary site with a CAPTCHA, then redirects to phishing pages posing as state DMVs that harvest personal and credit card data. These campaigns have targeted multiple states; ignore unexpected payment texts and never provide payment details to unknown senders.

Taxing times: Top IRS scams to watch for in 2026 season

🔍 Tax season 2026 brings a renewed surge in IRS-related scams as fraudsters exploit email, text and phone channels to steal refunds and personal data. Scammers impersonate the IRS, tax preparers or software vendors with spoofed logos, domains and caller IDs, and may demand unusual payments or coax victims into filing fraudulent returns. Watch for phishing/smishing/vishing, W-2 fraud, fake tax credits and dishonest preparers. Protect accounts with MFA, consider an IP PIN, file early and report suspicious messages to phishing@irs.gov.

Common Apple Pay Scams and Practical Safety Steps in 2025

🔒 Apple Pay's convenience has made it a target for social-engineering scams; attackers generally manipulate users rather than exploit the platform's tokenization or biometric defenses. The article outlines common schemes — phishing/smishing, marketplace and overpayment/refund frauds, fake receipts, unsolicited payments, and evil‑twin Wi‑Fi — and highlights red flags like requests for 2FA codes. Recommended defenses include enabling Stolen Device Protection, turning on card notifications, using chargeback-eligible cards, and employing a VPN on public networks.

86% Surge in Fake Delivery Sites Targets Holiday Shoppers

📦 Cybercriminals are exploiting the holiday rush, with NordVPN reporting an 86% month-over-month increase in malicious postal service websites. Fraudsters impersonate carriers such as DHL and USPS, using smishing and phishing links to steal data; DHL spoof sites rose 206% while USPS impersonations jumped 850% in one month. Consumers are urged to avoid unsolicited tracking links, verify tracking numbers on official carrier sites or apps, inspect sender details for altered domains, and report suspicious messages to carriers or the FTC.

OpenAI Data Exposed After Mixpanel Phishing Incident

🔒 OpenAI confirmed a customer data exposure after its analytics partner Mixpanel suffered a smishing attack on November 8, which allowed attackers to access profile metadata tied to platform.openai.com accounts. Stolen fields included names, email addresses, approximate location, OS/browser details, referrers, and organization or user IDs. OpenAI says ChatGPT and core systems were not breached and that no API keys, passwords, payment data, or model payloads were exposed. The company has terminated its use of Mixpanel and is notifying impacted customers directly.

OpenAI API customer data exposed in Mixpanel breach

🔒 OpenAI has notified some ChatGPT API customers that limited identifying information was exposed following a breach at its third‑party analytics vendor, Mixpanel. Mixpanel says the incident resulted from a smishing campaign detected on November 8, and OpenAI received details of the affected dataset on November 25. Exposed fields may include names, emails, coarse location, device and browser metadata, referring websites, and account IDs, but OpenAI says no chats, API requests, usage data, passwords, API keys, payment details, or government IDs were exposed. OpenAI has removed Mixpanel from production, begun notifying affected parties, and is warning users to watch for phishing attempts and enable 2FA.

Smishing Triad Expands Phishing Campaigns Targeting Egypt

🔍 Dark Atlas has uncovered a growing cluster of fraudulent domains used by the Chinese-speaking Smishing Triad to impersonate major Egyptian and global service providers, including Fawry, Egypt Post and Careem. Analysts traced malicious infrastructure in AS132203 — linked to Tencent facilities — after examining HTTP headers and running targeted Shodan searches, which revealed additional spoofed pages for brands such as UnionPay and TikTok. The group advertises a configurable smishing kit on Telegram that automates deployment of multilingual phishing templates for delivery, telecom, government and payment services worldwide.

Google Sues to Dismantle 'Lighthouse' Smishing Kit

🛡️ Google has filed a civil lawsuit in the Southern District of New York to dismantle Lighthouse, a phishing-as-a-service kit used to power large-scale SMS phishing (smishing) campaigns. The company says the kit — likely run from China and marketed on Telegram — offered more than 600 templates mimicking over 400 organizations and targeted more than one million people across 121 countries. Google is pursuing legal remedies and supporting new legislation while deploying technical protections such as AI-powered scam flagging and expanded account recovery options.

Google Sues to Disrupt China-Based SMS Phishing Operation

📱 Google has filed suit in the Southern District of New York to unmask and disrupt 25 unnamed operators tied to Lighthouse, a China-based phishing kit that has victimized over one million people across 120 countries. The complaint alleges Lighthouse powers a “Smishing Triad” that spoofs trusted brands, blasts mass text lures, and automates enrollment of stolen cards into mobile wallets using one-time verification codes. Google asserts trademark infringement and RICO claims and seeks to dismantle the coordinated groups behind the service.

Google Asks US Court to Shut Down Lighthouse Phishing

🛡️ Google has asked a US court to dismantle infrastructure used by the Lighthouse phishing‑as‑a‑service operation after identifying at least 107 sign‑in templates that mimic Google branding. The service is marketed to attackers who send smishing links and host fraudulent sign‑in pages to harvest credentials. Google also urged Congress to consider GUARD, Foreign Robocall Elimination and SCAM bills to bolster enforcement and funding. The company declined additional comment.

Google Sues to Dismantle Lighthouse Phishing Platform

⚖️ Google has filed a lawsuit to dismantle the Lighthouse phishing‑as‑a‑service platform accused of enabling global SMS phishing (“smishing”) that impersonates USPS and toll providers. The company says Lighthouse has impacted more than 1 million victims in 120 countries and that similar scams may have exposed up to 115 million U.S. payment cards between July 2023 and October 2024. Google’s complaint invokes federal racketeering, trademark, and computer fraud laws and seeks to seize the infrastructure hosting fraudulent templates that even mimic Google sign‑in screens.

Google Sues to Dismantle Lighthouse Phishing Platform

🛡️ Google has filed a lawsuit seeking to dismantle Lighthouse, a China-linked phishing-as-a-service platform accused of powering global SMS phishing ("smishing") campaigns that impersonate USPS and E-ZPass. Google says Lighthouse has impacted more than 1 million victims across 120 countries and that phishing templates even display Google's branding to trick users. The company is pursuing federal claims including RICO, the Lanham Act, and the CFAA while expanding AI and product protections.

Google Sues China-Based Operators of PhaaS 'Lighthouse'

⚖️ Google has filed a civil lawsuit in the U.S. District Court for the Southern District of New York against China-based operators of the PhaaS kit Lighthouse, which Google says has ensnared over one million users across 120 countries. The platform is accused of powering industrial-scale SMS phishing (smishing) campaigns that impersonate trusted brands like E-ZPass and USPS to steal financial data. Google alleges the actors illegally used its trademarks on at least 107 spoofed sign-in templates and seeks to dismantle the infrastructure under RICO, the Lanham Act, and the Computer Fraud and Abuse Act. Security firms link Lighthouse to a broader PhaaS ecosystem including Darcula and Lucid, and to a smishing syndicate tracked as Smishing Triad.

Phishing texts impersonate Find My to steal Apple IDs

📱 The Swiss NCSC warns of smishing attacks that impersonate Apple's Find My team, telling owners their lost iPhone has been found to lure them to a fake login page. Messages can cite device details visible on the lock screen and use the displayed contact info to target victims. The counterfeit pages request the user's Apple ID and password, which attackers then use to remove Activation Lock. Users should enable Lost Mode, avoid unsolicited links, use a dedicated contact email, and protect their SIM with a PIN.

SMS Fraud Losses to Fall 11% in 2026, Juniper Finds

📉 Juniper Research predicts an 11% decline in consumer SMS fraud losses in 2026, dropping from $80bn in 2025 to $71bn. The firm credits reduced messaging volumes and stronger operator security—especially enhanced firewall capabilities—for making it harder for fraudsters to conceal malicious traffic. Nevertheless, large-scale smishing campaigns, PhaaS platforms and the transition to RCS keep risks elevated and require ongoing defensive improvements.

Smishing Triad Linked to 194,000 Malicious Domains

📱 Unit 42 attributes a sprawling smishing campaign to the China-linked Smishing Triad, tying it to 194,345 FQDNs and more than 194,000 malicious domains registered since January 1, 2024. Most root domains are registered through Dominet (HK) Limited yet resolve to U.S.-hosted infrastructure, primarily on Cloudflare (AS13335). Campaigns impersonate USPS, toll services, banks, exchanges and delivery services, using rapid domain churn to evade detection. The operation has reportedly generated over $1 billion in three years and increasingly targets brokerage and banking accounts to enable market manipulation.

Global Smishing Campaign Targets Toll, Delivery, Services

🚨 Unit 42 attributes a widespread smishing campaign to the Smishing Triad that uses urgent SMS messages and realistic phishing pages to impersonate toll, delivery and other critical services. Since April 2024 the operation has registered and churned over 194,000 malicious domains and 136,900 root domains, leveraging a Hong Kong registrar while primarily hosting on U.S. cloud infrastructure. The campaign appears powered by a large phishing-as-a-service ecosystem and seeks PII, credentials and payment data. Advanced URL Filtering and Advanced DNS Security provide protections; contact Unit 42 Incident Response for urgent help.

SIMCARTEL Takedown: Major SIM-Box Supply Network Bust

🔒 Law enforcement dismantled a criminal SIM-card supply network known as 'SIMCARTEL' following coordinated actions across multiple European countries. The now-defunct service operated a commercial SIM-box platform that let customers rent phone numbers from over 80 countries to create and manage an estimated 49 million fake online accounts used in phishing, fraud and other serious offences. Authorities seized five servers, around 1,200 SIM-box devices (operating ~40,000 SIMs), hundreds of thousands of SIM cards, froze more than $500,000 in bank funds and over $330,000 in crypto, and took down two domain services linked to the operation.

Europol Dismantles International SIM Farm Network; SIMCARTEL

🚨 Europol announced the disruption of a sophisticated cybercrime-as-a-service SIM farm in Operation SIMCARTEL, resulting in seven arrests and 26 searches across multiple countries. Authorities seized 1,200 SIM box devices containing about 40,000 active SIM cards, dismantled five servers and took over two websites, and froze significant cash and cryptocurrency assets. The platform supplied numbers from over 80 countries and is tied to the creation of more than 49 million online accounts used in phishing, smishing, investment fraud and other serious offences.