We’ve detected an active smishing campaign targeting Australian mobile phone numbers from multiple providers, including Optus and Vodafone. The link within the text message redirects the mobile phone user to a cost-per-acquisition landing page, which collects personally identifiable information and, upon submission, earns the cyber-gang a small sum of money.

It is unknown how this information is currently being utilised or whether the data is stored in a third-party location. However, it is likely the data will be used in a follow-up attack with an associated payload.

Original SMS message:

While the message comes from different sender numbers, the link and package identification are always consistent.
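Because the sender number varies while the link and package identification stay constant, inbound SMS can be clustered by content instead of by sender. The following is an added example, not part of the original advisory; the messages, sender numbers, domains, package IDs and the package-ID pattern are all constructed assumptions.

```python
import re
from collections import defaultdict
from urllib.parse import urlsplit

URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)
# Assumed package-ID shape (not taken from the advisory):
# a token of 8+ letters/digits/hyphens containing at least one digit.
PKG_RE = re.compile(r"\b(?=[A-Z0-9-]*\d)[A-Z0-9][A-Z0-9-]{7,}\b")

# Constructed sample data: (sender, body). Numbers, IDs and domains are fictitious.
SAMPLE = [
    ("+61491570006",
     "UPS: package 1Z94X7A20398 is awaiting delivery. Confirm: http://parcel-track.example/au"),
    ("+61491570156",
     "UPS: package 1Z94X7A20398 is awaiting delivery. Confirm: http://PARCEL-TRACK.example/au."),
    ("+61491570157",
     "Your package 1z94x7a20398 could not be delivered http://parcel-track.example/au"),
    ("+61491570158",
     "Your order AU20201116X has shipped: https://shop.example/orders"),
    ("+61491570159",
     "Reminder: dentist appointment tomorrow 9am"),
]

def fingerprint(body):
    """Return (normalised link, package ID or None) for one SMS body, or None if no link."""
    m = URL_RE.search(body)
    if not m:
        return None
    parts = urlsplit(m.group(0).rstrip(".,;:!?)"))
    # Lowercase scheme and host only; drop query/fragment so per-recipient tokens do not split a cluster.
    link = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    rest = body[:m.start()] + " " + body[m.end():]  # search for the ID outside the URL
    pkg = PKG_RE.search(rest.upper())
    return (link, pkg.group(0) if pkg else None)

def find_campaigns(messages, min_senders=3):
    """Group messages by (link, package ID); keep groups seen from many distinct senders."""
    senders = defaultdict(set)
    for sender, body in messages:
        fp = fingerprint(body)
        if fp and fp[1]:
            senders[fp].add(sender)
    return {fp: sorted(s) for fp, s in senders.items() if len(s) >= min_senders}

if __name__ == "__main__":
    for (link, pkg), who in find_campaigns(SAMPLE).items():
        print(f"{link} / {pkg}: {len(who)} distinct senders")
```

The `min_senders` threshold is a tuning choice; a cluster that passes it is a candidate for blocking the link at the gateway, since blocking individual sender numbers does not keep up with rotation.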

The user is led to a fake UPS delivery page upon clicking the URL within the original SMS. This then leads to a separate landing page, where the user is requested to pay a $3.00 customer fee.

The following IOCs were detected in this campaign:
CPA Link: 

Supporting graphics: 

Image description: Original smishing SMS message.

Image description: fake UPS landing page

Don't let your employees fall victim to smishing attacks. Get in touch with us for our Cybersecurity Awareness Training Program.

Date Published
November 16, 2020