Heimdal Security’s SOC team has discovered an active phishing campaign that appears to be targeting Romanian telecom customers. The campaign exhibits similarities to the Romanian National Post smishing campaign that Heimdal investigated in February. Both campaigns employ SMS messages with TinyURLs that redirect the victim to a cloned version of the legitimate website, which is used to collect payment information.
The latest campaign is designed to trick users into believing that their package will be returned if they do not update their delivery address within 24 hours. The user is then directed to a cloned version of Posta Romana’s payment form for outstanding packages and instructed to input credit card information.
Heimdal has taken the precaution of blocking the malicious URL for safety reasons, and further analysis is ongoing to determine whether the group behind this attack is the same one responsible for the earlier smishing campaign.
The use of SMS messages and cloned websites to collect payment information is a common tactic used by phishing campaigns, and it is important for individuals and organizations to remain vigilant and verify the legitimacy of messages and websites before entering personal or financial information.
Phishing attacks are a persistent threat to organizations and individuals, and they can be difficult to detect and prevent. It is important for organizations to implement security measures such as two-factor authentication, spam filters, and employee training programs to reduce the risk of successful phishing attacks.
Additionally, individuals should exercise caution when responding to unsolicited messages or providing personal or financial information online.
Cybersecurity companies like Heimdal play an important role in identifying and blocking phishing campaigns, and their insights can help individuals and organizations stay informed and protected against these threats.
