SMS Phishing Campaign Targets Mobile Bank App Users in North America
A dozen North American banks have been targeted in a mobile phishing campaign that has already victimized 4,000 victims through deploying an automated SMS tool. The tool sends out fraudulent security text messages to mobile phone users and has targeted customers of banks like Chase, TD Bank, and Royal Bank of Canada. The attacks began in June and ceased last month when security firm Lookout discovered the campaign.
Lookout claimed that the phishing campaign included text messages stating that the victim’s bank detected suspicious activity tied to their account, and the texts included a link to one of over 200 phishing pages. The pages were sophisticated and meant to look legitimate on mobile devices. The pages also included links like Mobile Banking Security and Privacy and were designed to resemble actual bank login pages. The campaign was so effective because it specifically targeted mobile phone users, as mobile-based phishing campaigns are less likely to be discovered and spoofed sites are harder to detect on phones.