The “Smishing Triad,” a cybercriminal group believed to be of Chinese origin, has been identified using smishing (SMS phishing) attacks to steal personal and payment information from victims worldwide.
This group targets individuals by impersonating legitimate postal services and government agencies, including the Royal Mail and Italy’s Agenzia delle Entrate. They send deceptive text messages, often through compromised Apple iCloud accounts, to trick victims into sharing sensitive information, leading to identity theft and credit card fraud.
In addition to smishing, the “Smishing Triad” targets online shopping platforms, injecting malicious code to intercept customer data. They operate a fake online shopping engine called “TrickyCart,” which impersonates popular payment systems like Visa, Mastercard, and PayPal, defrauding consumers.
The group also offers “smishing kits” on Telegram to other cybercriminals targeting U.S., U.K., and EU brands. These kits, priced as low as $200 per month, provide malicious tools for similar smishing attacks. Researchers have discovered a hidden backdoor in these kits, enabling the actors to quietly extract stolen personal and payment data.
Due to the global nature of this cybercriminal activity, disrupting it may require collaboration between law enforcement agencies and industry defenders. Resecurity, the firm that uncovered the “Smishing Triad,” has shared victim information with relevant authorities and agencies, such as the United States Postal Inspection Service. The firm is also sharing its findings with the broader community to raise awareness and protect potential victims from these smishing attacks.