• China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. • Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points. • Over the past week, thousands of domain names were registered for scam websites that purport to offer T-Mobile customers the opportunity to claim a large number of rewards points. • The phishing domains are being promoted by scam messages sent via Apple’s iMessage service or the functionally equivalent RCS messaging service built into Google phones. • The website scanning service urlscan.io shows thousands of these phishing domains have been deployed in just the past few days alone. • The phishing websites will only load if the recipient visits with a mobile device, and they ask for the visitor’s name, address, phone number and payment card data to claim the points.

Article Summaries:

  • China-based phishing groups blamed for non-stop scam SMS messages about a supposed wayward package or unpaid toll fee are promoting a new offering, just in time for the holiday shopping season: Phishing kits for mass-creating fake but convincing e-commerce websites that convert customer payment card data into mobile wallets from Apple and Google. Experts say these same phishing groups also are now using SMS lures that promise unclaimed tax refunds and mobile rewards points. Over the past week, thousands of domain names were registered for scam websites that purport to offer T-Mobile customers
  • China‑based phishing groups have shifted tactics, launching new smishing campaigns that target U.S. consumers with fake e‑commerce sites, mobile rewards‑point offers, and unclaimed tax‑refund alerts. In the past week, thousands of domains were registered to host counterfeit storefronts that prompt users to enter personal and payment‑card details, then request a one‑time SMS code supposedly from their bank. The code is used to enroll the stolen card in Apple or Google mobile wallets, giving attackers control of the victim’s device. The scams are promoted via iMessage, Google RCS, and social‑media ads, and are already active against T‑Mobile and AT&T customers.

Sources: