
Smishing Triad: Exploiting Trust in Postal Services for Fraud Worldwide

Published on Apr 11, 2024

In Albania, recent waves of smishing (SMS-based phishing) have been impersonating Posta Shqiptare, revealing orchestrated, large-scale global activity built around postal package-arrival fraud. Smishing, a variant of phishing, exploits text messaging to deceive recipients into divulging personal or financial details. Perpetrators often masquerade as reputable entities such as government agencies or banks to lend credibility to their fraudulent messages. For instance, they might impersonate postal services like Posta Shqiptare or international ones like DHL, claiming that additional delivery fees are owed and must be paid by credit card. Once victims provide payment information, perpetrators exploit it for financial gain.

The modus operandi of these campaigns involves registering domains that resemble those of the targeted postal services, accompanied by meticulously crafted pages that replicate the original postal service websites with a high level of technical and design skill. Operational security measures restrict the pages to mobile phone users specifically, which prevents further analysis from other sources. The perpetrators demonstrate a strong understanding of the targeted countries, evident from messages that are well structured in syntax and language.
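One way a defender can triage links in reported messages for the lookalike-domain pattern described above, as an added example that is not part of the original article. The official domains in the allowlist are assumptions to verify before use, and the sample messages are constructed with the reserved `.example` TLD.

```python
import re
from urllib.parse import urlsplit

# ASSUMPTION: brand keyword -> official domains; verify each entry before use.
OFFICIAL = {
    "postashqiptare": {"postashqiptare.al"},
    "dhl": {"dhl.com"},
}
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, computed row by row."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def classify_host(host: str):
    """Return ('official' | 'lookalike' | 'unrelated', brand or None)."""
    host = host.lower().rstrip(".")
    for brand, domains in OFFICIAL.items():
        if any(host == d or host.endswith("." + d) for d in domains):
            return "official", brand
    for brand in OFFICIAL:
        for label in host.split("."):
            # Hyphen-separated tokens plus the label with hyphens removed.
            tokens = set(label.split("-")) | {label.replace("-", "")}
            for tok in tokens:
                # Near-miss spellings (e.g. 0 for o) only for longer brand names.
                near = len(brand) >= 6 and edit_distance(tok, brand) <= 2
                if brand in tok or near:
                    return "lookalike", brand
    return "unrelated", None

def scan_message(text: str):
    """Classify the host of every URL found in an SMS/iMessage body."""
    results = []
    for url in URL_RE.findall(text):
        host = urlsplit(url).hostname or ""
        results.append((host, *classify_host(host)))
    return results

# Constructed sample message, not real campaign data.
SAMPLE = "Posta Shqiptare: a delivery fee is due. Pay: https://postashqiptare-al.example/t"
if __name__ == "__main__":
    print(scan_message(SAMPLE))
```

Substring matching on a brand name as short as `dhl` will produce false positives, so treat a `lookalike` verdict as a reason for review rather than an automatic block.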

The attackers leverage smishing for its lack of regulatory checks and cost-effectiveness. They utilize compromised iCloud accounts to send iMessage messages to Apple users and employ SMS messaging services for Android users.

Picture 1. Exploiting Trust in Well-Known Services

WHICH ARE THE TARGETED COUNTRIES?

By further investigating the resources the attackers use, we were able to build a world map of the countries targeted by this scheme, shown below.

Picture 2. The worldwide scope of the Smishing Triad

The targeted countries span the globe, indicating widespread operations. The smishing/fraud kit is sold as a service by groups on forums and Telegram channels, with the group behind it identified as the "Smishing Triad." While the groups' modus operandi is similar, there are slight differences in how they operate.

Picture 3. Smishing Triad activities in Albania


In Albania, the attacks began on 24/12/2023 and continue as of 08/04/2023. Twenty-three malicious campaigns have been identified, with eight completed and fifteen to be launched. It's evident that the attacks are prepared to persist in the upcoming months.

Smishing is technically challenging to combat: its success relies heavily on manipulating trust within communication channels, and the attacks keep evolving. To address these threats, there is a critical need for heightened consumer awareness. Individuals must be educated to recognize smishing attacks and to differentiate them from legitimate communications. Vigilance, critical thinking, and skepticism are essential for consumers navigating these threats.