
Just a sample of the Echomail archive

Cooperative anarchy at its finest, still active today. Darkrealms is the Zone 1 Hub.

   CONSPRCY      How big is your tinfoil hat?      2,445 messages   


   Message 1,602 of 2,445   
   Mike Powell to All   
   Chinese smish attack leak   
   10 Aug 25 09:02:58   
   
   TZUTC: -0500   
   MSGID: 1336.consprcy@1:2320/105 2cfde1ca   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Massive leak of over 115 million US payment cards caused by Chinese    
   "smishing" hackers - find out if you're affected   
      
   Date:   
   Sun, 10 Aug 2025 05:04:00 +0000   
      
   Description:   
   A massive phishing campaign driven by mobile attacks and Telegram-based kits   
   may have exposed over 115 million US cards without breaching banks directly.   
      
   FULL STORY   
      
   A wave of advanced phishing campaigns, traced to Chinese-speaking   
   cybercriminal syndicates, may have compromised up to 115 million US payment   
   cards in just over a year, experts have warned.    
      
   Researchers at SecAlliance revealed these operations represent a growing   
   convergence of social engineering, real-time authentication bypasses, and   
   phishing infrastructure designed to scale.    
      
   Investigators have identified a figure referred to as Lao Wang as the    
   original creator of a now widely adopted platform that facilitates   
   mobile-based credential harvesting.   
      
   Identity theft scaled through mobile compromise   
      
   At the center of the campaigns are phishing kits distributed through a   
   Telegram channel known as dy-tongbu, which has rapidly gained traction among   
   attackers.    
      
   These kits are designed to avoid detection by researchers and platforms    
   alike, using geofencing, IP blocks, and mobile-device targeting.    
      
   This level of technical control allows phishing pages to reach intended   
   targets while actively excluding traffic that might flag the operation.    
      
   The phishing attacks typically begin with SMS, iMessage, or RCS messages    
   using everyday scenarios, such as toll payment alerts or package delivery   
   updates, to drive victims toward fake verification pages.    
      
   There, users are prompted to enter sensitive personal information, followed    
   by payment card data.    
      
   The sites are often mobile-optimized to align with the devices that will   
   receive one-time password (OTP) codes, allowing for immediate multi-factor   
   authentication bypass.    
      
   These credentials are provisioned into digital wallets on devices controlled   
   by attackers, allowing them to bypass additional verification steps normally   
   required for card-not-present transactions.    
      
   Researchers described this shift to digital wallet abuse as a fundamental   
   change in card fraud methodology.    
      
   It enables unauthorized use at physical terminals, online shops, and even    
   ATMs without requiring the physical card.    
      
   Researchers have observed criminal networks now moving beyond smishing   
   campaigns.    
      
   There is growing evidence of fake ecommerce sites and even fake brokerage   
   platforms being used to collect credentials from unsuspecting users engaged    
   in real transactions.    
      
   The operation has grown to include monetization layers, including pre-loaded   
   devices, fake merchant accounts, and paid ad placements on platforms like   
   Google and Meta.    
      
   As card issuers and banks look for ways to defend against these evolving   
   threats, standard security suites, firewall protection, and SMS filters may   
   offer limited help given the precision targeting involved.    
      
   Given the covert nature of these smishing campaigns, there is no single    
   public database listing affected cards. However, individuals can take the   
   following steps to assess possible exposure:   
      
   Review recent transactions   
   Look for unexpected digital wallet activity   
   Monitor for verification or OTP requests you didn't initiate   
   Check if your data appears in breach notification services   
   Enable transaction alerts   
      
   Unfortunately, millions of users may remain unaware their data has been   
   exploited for large-scale identity theft and financial fraud, facilitated not   
   through traditional breaches.    
      
   Via Infosecurity   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/pro/security/massive-leak-of-over-115-million-us-payment-cards-caused-by-chinese-smishing-hackers-find-out-if-youre-affected   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 111 206 300 307 317 400 426 428 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426   
      



(c) 1994,  bbs@darkrealms.ca