The US Postal Service was mimicked more than a thousand times in a phishing campaign linked to China, a cybersecurity firm has claimed.
Uptycs said it had seen the attackers target victims with unsolicited text messages carrying malicious links, a technique commonly referred to as "smishing" (SMS phishing) because it uses the cellular network, rather than email, as the delivery vector.
“Victims will generally receive a fraudulent text message designed to entice the recipient into disclosing personal or financial information,” said Uptycs. “The criminal executes this type of attack with the intent to gather personal and financial information like credit card numbers.”
In the course of its investigation, Uptycs says it uncovered more than a thousand “live phishing websites” masquerading as portals for the legitimate United States Postal Service (USPS).
The campaign seeks to lure victims into entering personal details such as name, address, and credit card details into a bogus 'update form' dressed up to look like a page on the real USPS site.
“Redirecting to legitimate websites is the usual method most phishing campaigns use to trick the victims, to make it appear that it is a common inquiry check,” said Uptycs. “Ultimately, the collected information could be used in multiple ways to impact the victim by leaking the information or selling these details to other cyberattackers.”
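The lookalike portals described above trade on the USPS name while sitting under domains the Postal Service does not control. The script below is an added example of how a defender might triage incoming SMS text for such links; it is not Uptycs' tooling and the sample messages, the list of domains treated as genuine USPS, the digit-for-letter substitution table and the naive registrable-domain logic are all assumptions made for the example.

```python
"""Triage SMS text for links that imitate USPS (added example, not Uptycs' code)."""
import re
from urllib.parse import urlparse

# Domains treated as genuine USPS. Assumption for this example: verify against
# the Postal Service's own published domains before relying on this list.
LEGIT_USPS_DOMAINS = {"usps.com", "usps.gov"}

# Deliberately simple URL matcher: optional scheme, dotted hostname, optional path.
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/[^\s]*)?", re.IGNORECASE)

# Digit-for-letter substitutions often used in lookalike hostnames (u5ps, usp5 ...).
HOMOGLYPHS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def registrable_domain(host: str) -> str:
    """Last two labels of the hostname. Naive on purpose: a production tool should
    consult the Public Suffix List so that multi-label suffixes are handled."""
    labels = host.lower().strip(".").split(".")
    return ".".join(labels[-2:])


def is_legit_usps(host: str) -> bool:
    """True when the host is registered under one of the genuine USPS domains."""
    return registrable_domain(host) in LEGIT_USPS_DOMAINS


def looks_like_usps(host: str) -> bool:
    """True when the hostname trades on the USPS brand but is not registered under it.
    Catches 'usps.com' used as a subdomain of another domain, hyphenated variants and
    digit substitutions; on a genuine USPS host it returns False."""
    if is_legit_usps(host):
        return False
    flat = host.lower().translate(HOMOGLYPHS).replace("-", "").replace(".", "")
    return "usps" in flat


def extract_hosts(text: str):
    """Yield (url_as_written, hostname) for each URL-looking token in the message."""
    for m in URL_RE.finditer(text):
        raw = m.group(0)
        host = urlparse(raw if raw.lower().startswith("http") else "http://" + raw).hostname
        if host:
            yield raw, host


def triage_sms(message: str):
    """Classify every link in one SMS as 'lookalike', 'legit-usps' or 'other'."""
    results = []
    for raw, host in extract_hosts(message):
        if looks_like_usps(host):
            verdict = "lookalike"
        elif is_legit_usps(host):
            verdict = "legit-usps"
        else:
            verdict = "other"
        results.append((raw, host, verdict))
    return results


# Constructed sample messages for the example (not real campaign data).
SAMPLE_SMS = [
    "USPS: your package could not be delivered. Update your address at https://usps.com.delivery-fee.top/update",
    "Track your parcel: http://u5ps-track.com/t/48213",
    "Your item is out for delivery. Track at https://tools.usps.com/go/TrackConfirmAction",
    "Lunch at noon? See https://example.org/menu",
]

if __name__ == "__main__":
    for msg in SAMPLE_SMS:
        for raw, host, verdict in triage_sms(msg):
            print(f"{verdict:10} {host:32} {raw}")
```

The brand check is run on the whole hostname with separators removed, so `usps.com` appearing as a subdomain of an unrelated registrable domain is flagged even though the leftmost labels read exactly like the real site; the registrable-domain check, not the presence of the brand string, is what separates a genuine USPS link from an imitation.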
China suspected, but hard to prove
Uptycs says it “blocked all the 1,050+ indicators” it found while investigating the case, adding that its digital detectives “concluded that there is a high possibility this phishing campaign activity is being organized by Chinese threat actors.”
If true, it would mark yet another salvo in the ongoing tech war between the two superpowers, whose diplomatic relations appear to be increasingly characterized by mutual suspicion.
Uptycs did not elaborate on its reasoning for attributing the campaign to China, but added that it had observed servers used in the same campaign hosted not only in that country but also in the US, Canada, Singapore, and Russia.
Of course, this only underscores the porous nature of borders in the digital ecosystem, and the resulting difficulty in accurately attributing cyberattacks to any given nation or actor.
Uptycs urges members of the public not to click links, call phone numbers, or open attachments sent via text message, and instead to contact the organization directly through its official website or published contact details.