We’ve detected an active smishing campaign targeting Australian mobile phone numbers from multiple providers, including Optus and Vodafone. The link within the text message redirects the mobile phone user to a cost-per-acquisition landing page, which collects personally identifiable information and, upon submission, generates a small sum of money for the cyber-gang.
It is unknown how this information is currently being utilised or whether the data is stored in a third-party location. However, it is likely the data will be used in a follow-up attack with an associated payload.
Original SMS message:
While the message comes from different sender numbers, the link and package identification are always consistent.
Upon clicking the URL within the original SMS, the user is led to a fake UPS delivery page. This then leads to a separate landing page, where the user is requested to pay a $3.00 customer fee.
The following IOCs were detected in this campaign:
Supporting graphics:
Image description: Original smishing SMS message.
Image description: Fake UPS landing page.
Don't let your employees fall victim to smishing attacks. Get in touch with us about our Cybersecurity Awareness Training Program.