The cybersecurity company Sekoia.IO is warning of a scam that is currently very common in France. It is an SMS asking the recipient to verify the delivery and receipt of a package, followed by a link. This scheme, a signature of a group of Chinese hackers called “Roaming Mantis”, is not new. The group has already infected a large number of smartphones and is responsible for mass data theft. Do not click on their link!
Scams from Chinese hackers via SMS
“Your package has been sent. Please check it and receive it” is a very common SMS right now. It contains a link to check the supposed package. However, this message is a decoy. According to SEKOIA, an investigative firm working in cybersecurity, it reportedly comes from a group of Chinese hackers named “Roaming Mantis” (or Traveling Mantis).
The group operates in several countries such as Germany, the United States, South Korea, Japan, the United Kingdom, Taiwan, etc. This time, the attackers ran a campaign in France.
In a short time, the phishing campaign managed to affect multiple phones. The link redirects the targeted user to a fake site that looks very professional and similar to the real site.
The victim is then asked to fill in their personal data. A form is displayed for entering identifiers, passwords and banking information. The scammers collect all of this in their database, to the detriment of the trapped user.
A sophisticated manipulation process
This modus operandi works because potential victims tend to be more trusting when it comes to text messages. These messages are, in fact, better received than an e-mail.
Targeted users therefore tend not to question the requests that appear in them. As a result, victims fall more easily into the scammer's trap. The scammer's task is also made easier: email providers can filter phishing emails, but text messaging services cannot.
By responding to messages from these Chinese hackers, the user risks:
- Transmitting personal data, including payment data. All it takes is downloading an app or following a link to a spoofed page.
- Triggering premium-rate calls that collect money.
Effects vary by smartphone model
SEKOIA carried out an analysis of this phishing campaign in France. The specialists' investigation found that the link does not always lead to the same result.
This is particularly the case if the telephone is not located in France. A device running something other than iOS or Android will react the same way. These devices will instead display an “Error 404” message when their user clicks on the fraudulent link.
In the case of a phone running iOS, the link leads to a request for Apple IDs.
“On iPhone, it’s a phishing attack that asks for Apple IDs to retrieve them,” explains Marc Nebout, cybersecurity engineer at Sekoia.IO. This is how the data is extracted.
As for Android, the specialist says that “the user is encouraged to download a malicious application. The latter is called MoqHao. It installs itself during a browser update request.”
After being downloaded on Android, this app will then ask for access to your contacts. Once this is allowed, it will send exactly the same SMS to all your contacts.
Already 200,000 trapped messages!
By mid-July, 70,000 text messages following this modus operandi had been sent. Currently, this number already exceeds the threshold of 200,000 SMS.
According to Marc Nebout, “the potential victims will be either very young or old. They will be the least alert to these subjects. To combat these attacks, awareness is needed.”
What to do if you have already clicked on the fraudulent link?
If you receive a strange text message, the best thing to do is ignore it. Do not respond to it or click on the link provided. Attackers will gladly recover your data with just one click.
If you happen to see a questionable application that looks very similar to Google Chrome, be suspicious of it. You can verify its identity in your settings. Once that is done, you can delete it. Resetting your phone is even recommended.