Google Disrupts Chinese Smishing Network Tied to AI-Generated Phishing Attacks

Google just took down a massive Chinese smishing network that used AI-generated phishing pages to scam millions of mobile users, and is now suing to dismantle the operation for good. The tech giant is teaming up with major carriers like AT&T, T-Mobile, and Verizon to block the fraudulent texts and shut down the…

https://osintsights.com/google-disrupts-chinese-smishing-network-tied-to-ai-generated-phishing-attacks?utm_source=mastodon&utm_medium=social

#PhishingAsAService #China #Smishing #AigeneratedPhishing #Google

Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages

Pulse ID: 6a279c7b68f15b3df89a05df
Pulse Link: https://otx.alienvault.com/pulse/6a279c7b68f15b3df89a05df
Pulse Author: Tr1sa111
Created: 2026-06-09 04:54:19

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#CyberSecurity #InfoSec #OTX #OpenThreatExchange #RAT #Smishing #bot #Tr1sa111

LevelBlue - Open Threat Exchange

Learn about the latest cyber threats. Research, collaborate, and share threat intelligence in real time. Protect yourself and the community against today's emerging threats.

LevelBlue Open Threat Exchange

Error 524 Decoy: Unmasking a Global Smishing Operation Hiding Behind Error Pages

A sophisticated smishing and phishing operation active since the second half of 2025 has impersonated over 267 brands across 72 countries, with particular concentration in Latin America. The campaign generated 4,389 phishing domain instances, with Mexico accounting for 1,851 cases. Telecommunications is the most targeted sector with 1,754 instances, followed by financial services and consumer rewards programs. The operation employs fake Cloudflare error pages as decoys, revealing malicious content only to victims matching specific geofencing and mobile device criteria. Data exfiltration occurs through encrypted WebSocket channels using binary encoded payloads. Approximately 30% of infrastructure is hosted on Tencent Cloud and Alibaba US servers, fronted by Cloudflare to mask hosting IPs. The attack chain progresses from SMS lures through progressive credential harvesting, ultimately capturing complete credit card details including CVV codes.

Pulse ID: 6a20299f34e4961fdaff1615
Pulse Link: https://otx.alienvault.com/pulse/6a20299f34e4961fdaff1615
Pulse Author: AlienVault
Created: 2026-06-03 13:18:23

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Cloud #CredentialHarvesting #CreditCard #CyberSecurity #InfoSec #LatinAmerica #Mexico #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

Exposing a Global Smishing Operation Across 19 Countries: Governments, Postal Services, and Telecoms Targeted

A coordinated smishing operation spanning 19 countries across Europe, the Americas, and the Caucasus has been exposed, originating from fraudulent SMS messages impersonating Romania's government payment portal Ghișeul.ro. Investigation revealed 1,628 malicious URLs linked by a single 128-character campaign identifier, targeting government portals, traffic police departments, postal services including DPD and SEUR, tax authorities, and telecommunications providers like T-Mobile and Vodafone. The infrastructure utilizes 32 backend IP addresses distributed across Tencent Cloud, Alibaba Cloud, Cloudflare CDN, and ALEXHOST Moldova. Threat actors employ two distinct phishing templates: a Vue.js single-page application and a Bootstrap-based clone, executing a four-stage credential harvesting process that collects complete payment card details through fabricated traffic fines, toll payments, and delivery notifications.

Pulse ID: 6a17527240dde65694eed30e
Pulse Link: https://otx.alienvault.com/pulse/6a17527240dde65694eed30e
Pulse Author: AlienVault
Created: 2026-05-27 20:22:10

Be advised, this data is unverified and should be considered preliminary. Always do further verification.

#Americas #CDN #Caucasus #Cloud #CredentialHarvesting #CyberSecurity #Europe #Government #InfoSec #OTX #OpenThreatExchange #Phishing #RAT #SMS #Smishing #Telecom #Telecommunication #bot #AlienVault

⚠️ A wave of fraudulent SMS messages is spreading right now in which attackers pose as the Police of the Czech Republic and demand payment of a fine via a link. This is smishing. Do not click, do not enter anything, and remember: the police do not collect payments via SMS.

#smishing

Supposed “urgent messages” drive a surge in digital fraud cases, UNED warns

The educational institution notes that scams carried out through smishing have become “one of the main digital threats” in 2026.
The post Supposed “urgent messages” drive a surge in digital fraud cases, UNED warns first appeared on Semanario Universidad.

#Ciberfraudes #Estafas #Fraudes #País #RolandoRojas #Smishing #Tecnología #Uned #UniversidadEstatalADistancia #ÚltimaHora

https://semanariouniversidad.com/pais/supuestos-mensajes-urgentes-disparan-casos-de-fraudes-digitales-alerta-uned/

⚠️ Fake #INPS fuel bonus turns SMS into credential trap

The lure abuses INPS and a fake "bonus carburante" to push #smishing victims toward credential theft and payment-data harvesting.

🔗 read more: www.cybertrends.it/smishing-inp...

#ransomNews #cybersecurity

Italy among the nations hardest hit by cyber fraud. The brands most spoofed by phishing in Italy are PayPal, Amazon and Poste Italiane. In their phishing attacks, cybercriminals exploit well-known brands to increase the credibility of fraudulent emails, text messages and notifications.
Scammers operate continuously and ...

https://scienzamagia.eu/world-wide-web/litalia-fra-le-nazioni-piu-colpite-da-frodi-informatiche/

#Cybercrime #cybercriminali #ingegneriasociale #phishing #Poliziapostale #Quishing #smartphone #smishing #truffeinformatiche #typosquatting

Stolen phones - and specifically iPhones - have robust anti-theft protections. They are worthless once they're flagged - locked to their owner. So why are millions still being stolen every year?
In this paper, we uncover a thriving underground marketplace focused on unlocking stolen phones. It is powered by:

Lookalike domains impersonating Apple, Xiaomi, Samsung and other brands
Smishing campaigns targeting device owners
Pay‑as‑you‑go “unlocking” tools sold on Telegram

By pivoting on DNS data, we identified 10,000+ malicious domains and a growing ecosystem turning locked devices into profit at scale.

👉 Read how this supply chain works—from theft to resale—and why it’s growing fast. https://www.infoblox.com/blog/threat-intelligence/lookalike-domains-expose-the-iphone-theft-economy/

#ThreatIntel #CyberSecurity #Phishing #MobileSecurity #iOS #Smishing #dns #threatintelligence #cybercrime #infosec #infoblox #infobloxthreatintel

Inside the Underground Market That Unlocks Stolen iPhones

Stolen iPhones are worthless when locked—until thieves use lookalike domains and underground unlocking tools to bypass Apple’s security and pwn the phone.

Infoblox Blog