

We’ve detected an active smishing campaign targeting Australian mobile phone numbers from multiple providers, including Optus and Vodafone. The link within the text message redirects the mobile phone user to a cost-per-acquisition landing page, which collects personally identifiable information. Each submission earns the cyber-gang a small sum of money.

It is unknown how this information is currently being utilised or whether the data is stored in a third-party location. However, it is likely the data will be used in a follow-up attack with an associated payload.

Original SMS message:

While the message comes from different sender numbers, the link and package identification are always consistent.

Upon clicking the URL within the original SMS, the user is led to a fake UPS delivery page. This then leads to a separate landing page, where the user is requested to pay a $3.00 customer fee.

The following IOCs were detected in this campaign: 



Supporting graphics: 

Image description: Original smishing SMS message.

Image description: Fake UPS landing page.

Don't let your employees fall victim to smishing attacks. Get in touch with us about our Cybersecurity Awareness Training Program.

Date Published: November 16, 2020