All news with #smishing tag

Social Engineering: How Attackers Exploit Human Weakness

🧠 Social engineering exploits human psychology to bypass technical and physical safeguards, using impersonation, deception and manipulation to gain access to systems, facilities or data. Attackers commonly use phishing, vishing, smishing, pretexting, baiting and tailgating after extensive reconnaissance to craft believable lures. High-value targets are often pursued via spear-phishing or BEC schemes, while opportunistic attackers rely on mass phishing. Practical defenses include ongoing security awareness training, verified procedures for urgent requests and realistic simulation tests; tools such as Social-Engineer Toolkit help organizations test their resilience.

Google Sues to Dismantle 'Lighthouse' Smishing Kit

🛡️ Google has filed a civil lawsuit in the Southern District of New York to dismantle Lighthouse, a phishing-as-a-service kit used to power large-scale SMS phishing (smishing) campaigns. The company says the kit — likely run from China and marketed on Telegram — offered more than 600 templates mimicking over 400 organizations and targeted more than one million people across 121 countries. Google is pursuing legal remedies and supporting new legislation while deploying technical protections such as AI-powered scam flagging and expanded account recovery options.

Google Sues to Dismantle Lighthouse Phishing Platform

⚖️ Google has filed a lawsuit to dismantle the Lighthouse phishing‑as‑a‑service platform accused of enabling global SMS phishing (“smishing”) that impersonates USPS and toll providers. The company says Lighthouse has impacted more than 1 million victims in 120 countries and that similar scams may have exposed up to 115 million U.S. payment cards between July 2023 and October 2024. Google’s complaint invokes federal racketeering, trademark, and computer fraud laws and seeks to seize the infrastructure hosting fraudulent templates that even mimic Google sign‑in screens.

Google's Android AI Blocks Billions of Scam Messages

📱 Google says built-in scam defenses on Android prevent more than 10 billion suspected malicious calls and messages every month and have blocked over 100 million suspicious numbers from using RCS. The company uses on-device artificial intelligence to filter likely spam into the "spam & blocked" folder in Google Messages and recently rolled out safer link warnings for flagged messages. Analysis of user reports in August 2025 identified employment fraud as the most common scam type, while scammers increasingly employ group-message tactics and time-of-day scheduling to increase success rates.

Smishing Triad Linked to 194,000 Malicious Domains

📱 Unit 42 attributes a sprawling smishing campaign to the China-linked Smishing Triad, tying it to 194,345 FQDNs and more than 194,000 malicious domains registered since January 1, 2024. Most root domains are registered through Dominet (HK) Limited yet resolve to U.S.-hosted infrastructure, primarily on Cloudflare (AS13335). Campaigns impersonate USPS, toll services, banks, exchanges and delivery services, using rapid domain churn to evade detection. The operation has reportedly generated over $1 billion in three years and increasingly targets brokerage and banking accounts to enable market manipulation.

Global Smishing Campaign Targets Toll, Delivery, Services

🚨 Unit 42 attributes a widespread smishing campaign to the Smishing Triad that uses urgent SMS messages and realistic phishing pages to impersonate toll, delivery and other critical services. Since April 2024 the operation has registered and churned over 194,000 malicious domains and 136,900 root domains, leveraging a Hong Kong registrar while primarily hosting on U.S. cloud infrastructure. The campaign appears powered by a large phishing-as-a-service ecosystem and seeks PII, credentials and payment data. Advanced URL Filtering and Advanced DNS Security provide protections; contact Unit 42 Incident Response for urgent help.

Jingle Thief: Inside a Cloud Gift Card Fraud Campaign

🔍Unit 42 details the Jingle Thief campaign, a Morocco‑based, financially motivated operation that uses phishing and smishing to harvest Microsoft 365 credentials and abuse cloud services to commit large‑scale gift card fraud. The actors maintain prolonged, stealthy access for reconnaissance across SharePoint, OneDrive and Exchange, and rely on internal phishing, inbox rules and rogue device enrollment in Entra ID to persist and issue unauthorized cards. The report (cluster CL‑CRI‑1032) links the activity to Atlas Lion/STORM‑0539 and emphasizes identity‑centric detections and mitigations.

Generative AI and Agentic Threats in Phishing Defense

🔒 Generative AI and agentic systems are transforming phishing and smishing into precise, multilingual, and adaptive threats. What were once rudimentary scams now leverage large language models, voice cloning, and autonomous agents to craft personalized attacks at scale. For CISOs and security teams this represents a strategic inflection point that demands updated detection, user education, and cross-functional incident response.

Fake 'Inflation Refund' Texts Target New Yorkers in NY

🔔 A new smishing campaign impersonates the New York Department of Taxation and Finance, sending texts that urge recipients to submit payment information to process an 'Inflation Refund.' Links lead to a counterfeit site requesting name, address, phone, email and Social Security Number. New Yorkers are reminded the refund is automatic for eligible taxpayers and agencies will not text or call for payment details. Report suspicious messages to the Tax Department or IRS.

Attackers Abuse Milesight Routers to Send Smishing SMS

📱 SEKOIA warns that unknown actors have been abusing Milesight industrial cellular routers to send phishing SMS messages across Europe since at least February 2022. The attackers exploited exposed SMS-related APIs — linked to a patched information disclosure flaw (CVE-2023-43261) — to dispatch typosquatted URLs impersonating government platforms, banks, postal and telecom providers. Of roughly 18,000 such routers visible on the public internet, SEKOIA identified about 572 potentially vulnerable devices, roughly half located in Europe. The campaigns used JavaScript-based mobile checks and domains that disabled debugging and logged visitors to a Telegram bot, indicating operational measures to hinder analysis.

Smishing Campaigns Abuse Milesight Cellular Routers

📩 Research from Sekoia.io’s TDR team reveals a wave of smishing attacks that abused APIs on Milesight Industrial Cellular Routers to send phishing SMS, primarily targeting Belgian users by impersonating government services such as CSAM and eBox. The activity was first detected on 22 July 2025 via honeypots, and investigators found messages in Dutch and French using Belgium’s +32 code. Sekoia noted over 19,000 devices are publicly accessible and at least 572 permit unauthenticated SMS access, enabling large-scale abuse. The campaigns used infrastructure linked to Podaon and domains often registered through NameSilo, with attackers testing compromised routers before launching mass waves.

Lighthouse and Lucid PhaaS Linked to 17,500 Phishing Domains

🔍 Netcraft reports that the PhaaS platforms Lucid and Lighthouse are linked to more than 17,500 phishing domains impersonating 316 brands across 74 countries. Lucid, first documented by PRODAFT in April, supports smishing via Apple iMessage and RCS and is tied to the Chinese-speaking XinXin group. Both services offer customizable templates, real-time victim monitoring, and granular targeting controls (User-Agent, proxy country, configured paths) that restrict access to intended victims. Lighthouse subscriptions run from $88 per week to $1,588 per year, underscoring the commercial scale of these offerings.

Myth Busting: Why 'Innocent Clicks' Don't Exist Today

🔒 Visiting a suspicious link or scanning an unknown QR code can be risky even if you refrain from entering data or interacting further. Modern webpages can trigger drive-by downloads, exploit browser or plugin vulnerabilities via embedded JavaScript, or silently harvest device and browser metadata to build a digital fingerprint. The piece advises keeping devices patched, avoiding unknown links or QR codes, inspecting URLs and using unshortening and reputation services to vet destinations before proceeding.