Mobile banking app users in the United States and Canada should remain vigilant when receiving SMS from unknown senders since recently researchers have uncovered a malicious SMS phishing campaign in the wild targeting users in North America. The campaign attempts to steal banking details from various mobile banking applications.
New SMS Phishing Campaign Targeting Bank Apps
Researchers from the mobile security firm Lookout have discovered an SMS phishing campaign actively targeting users. Sharing their findings in a blog post, the researchers elaborated that the new phishing campaign aims at mobile banking apps.
Briefly, the attack begins when the users receive SMS messages, presumably from a prominent Canadian or American bank. The text lures the user to click on the given phishing links that impersonate bank websites.
Phishing Links Now Down – But The Threat Persists
Lookout discovered around 200 phishing links affiliated with this campaign. All of them impersonated the legit websites of various banks to trick users. The researchers found the campaign continued since June 2019.
When the attack was discovered, the Lookout Phishing AI engine was able to find the victim’s IP addresses and dates on which the current deployment of the phishing kit recorded the clicks. This revealed a campaign against consumers of these banks, as well as the success of the attack, ongoing since June 2019.
Upon finding the phishing attack, the researchers notified all relevant banks about the campaign. In their report, Lookout confirmed that all the related phishing links went offline.
Let us know your thoughts in the comments.