Threats Tagged 'smishing'
New customs charges for online orders outside the EU
With the introduction of charges/taxes on certain items posted from outside the EU, threat actors appear to be leveraging the situation to send fraudulent SMS and email messages impersonating postal services in an attempt to harvest payment details and personal information. The campaign is already being observed targeting Irish users, and I'd like to highlight this activity publicly as part of a LinkedIn post around our Brand Protection, Threat Intelligence, and Domain Takedown capabilities.
AlienVault OTX General | 06/29/2026, 15:40:51 UTC | Added: 06/29/2026, 15:51:30 UTC

Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages
A sophisticated smishing and phishing operation active since the second half of 2025 has impersonated over 267 brands across 72 countries, with particular concentration in Latin America. The campaign generated 4,389 phishing domain instances, with Mexico accounting for 1,851 cases. Telecommunications is the most targeted sector with 1,754 instances, followed by financial services and consumer rewards programs. The operation employs fake Cloudflare error pages as decoys, revealing malicious content only to victims matching specific geofencing and mobile device criteria. Data exfiltration occurs through encrypted WebSocket channels using binary encoded payloads. Approximately 30% of infrastructure is hosted on Tencent Cloud and Alibaba US servers, fronted by Cloudflare to mask hosting IPs. The attack chain progresses from SMS lures through progressive credential harvesting, ultimately capturing complete credit card details including CVV codes.
AlienVault OTX General | 06/03/2026, 13:18:23 UTC | Added: 06/04/2026, 09:03:35 UTC