Cybersecurity firm Resecurity has discovered a new campaign by the notorious cybercriminal group Smishing Triad, targeting smartphone users in Pakistan. This group specializes in smishing attacks, which combine SMS and phishing to trick victims into revealing sensitive information. Recently, they have been impersonating Pakistan Post, using local phone numbers to lend authenticity to their demands for payment and credit card details to cover supposed additional fees. The activity began in May and peaked in June 2024, with daily messages ranging from 50,000 to 100,000.
The Smishing Triad, originating from China, has previously targeted various regions including the US, EU, UAE, and KSA. Their tactics are consistent: impersonate trusted entities, create a sense of urgency, and steal valuable information. The group has a history of impersonating leading mail and logistics services, and now, they are leveraging stolen databases from the Dark Web, which include citizens’ phone numbers in Pakistan.
The deceptive messages are sent via iMessage and SMS, luring recipients with claims of undelivered packages from well-known courier firms like TCS, Leopard, and FedEx, or urgent account issues. Customers of major mobile carriers in Pakistan, such as Jazz/Warid, Zong, Telenor Pakistan, and Ufone, have reported receiving these messages on Reddit. The most active smishing kits were hosted on domains like “pk-post-goi.xyz” and “ep-gov-ppk.cyou,” which Resecurity has since taken down. These domains were registered through NameSilo, LLC, using anonymous and fake contact details.
The National Cyber Emergency Response Team of Pakistan (PKCERT) has issued a security advisory to encourage citizens to protect themselves from these scams. Telecom operators in Pakistan are being urged to enhance fraud detection and block malicious activity. To defend against such attacks, it is recommended to be skeptical of suspicious messages, verify the source, avoid clicking on links, use security software, and report any suspicious messages to mobile service providers.
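The fraud detection that operators are urged to improve can start from the indicators in this report. The following is an added example, not code from Resecurity or PKCERT: a heuristic scorer for message text that uses the domains, TLDs and impersonated brands named above. The lookalike tokens, lure terms, weights, threshold and sample messages are assumptions constructed for illustration.

```python
import re

# Domains the report names as hosting the smishing kits.
REPORTED_DOMAINS = {"pk-post-goi.xyz", "ep-gov-ppk.cyou"}
# Brands the report says were impersonated.
BRANDS = ("pakistan post", "tcs", "leopard", "fedex")
# TLDs of the reported domains.
CAMPAIGN_TLDS = (".xyz", ".cyou")
# Assumptions for illustration: domain tokens, lure wording, weights, threshold.
LOOKALIKE_TOKENS = {"post", "gov", "pk"}
LURE_TERMS = ("undelivered", "delivery", "package", "parcel", "fee", "payment", "card")
WEIGHTS = {"reported-domain": 10, "lookalike-domain": 5,
           "brand-with-link": 2, "lure-with-link": 1}
THRESHOLD = 5

# Hostname with optional scheme; the trailing path is consumed, not captured.
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return lowercased hostnames from URLs or bare domains in the text."""
    return [m.group(1).lower() for m in HOST_RE.finditer(text)]

def score_message(text):
    """Score one SMS/iMessage body; returns (score, list of matched signals)."""
    lowered = text.lower()
    hosts = extract_hosts(text)
    signals = []
    for host in hosts:
        if any(host == d or host.endswith("." + d) for d in REPORTED_DOMAINS):
            signals.append("reported-domain")
        elif host.endswith(CAMPAIGN_TLDS) and LOOKALIKE_TOKENS & set(re.split(r"[-.]", host)):
            signals.append("lookalike-domain")
    # Brand names and lure wording only count when the message carries a link,
    # so ordinary delivery notifications without URLs score zero.
    if hosts and any(re.search(rf"\b{re.escape(b)}\b", lowered) for b in BRANDS):
        signals.append("brand-with-link")
    if hosts and any(term in lowered for term in LURE_TERMS):
        signals.append("lure-with-link")
    return sum(WEIGHTS[s] for s in signals), signals

def is_suspicious(text):
    """Only a domain signal can reach the threshold; brand and lure raise priority."""
    return score_message(text)[0] >= THRESHOLD

# Constructed sample messages (not real captures).
SAMPLES = [
    "Pakistan Post: your package is undelivered, unpaid fee due. Pay at https://pk-post-goi.xyz/pay",
    "TCS delivery failed, confirm card details: pk-post-example.xyz/track",
    "Your TCS parcel has been delivered. Thank you.",
    "Track your FedEx shipment at https://www.fedex.com/track",
]
```

Because brand and lure signals alone stay below the threshold, a legitimate courier message with a link to the courier's own domain is not flagged; it only gains priority when a domain signal is also present.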