Chinese Bank Customers Targeted with SMS Phishing Campaign

You have heard about phishing but now you will learn about Smishing.

Hackers use phishing messages and compromised websites to steal credentials of users but, Chinese banking users are facing a new kind of threat in the form of phishing texts.

These text messages seem to be sent from a leading bank’s official number. The GSM standard is definitely not a very secure network primarily because the mobile phone and network authentication go in a single direction.

The network validates the legality of the client but the client never checks the network, according to McAfee.

Thus, an attacker can easily send mass text messages from a fake base station to countless users of mobile devices by exploiting this particular shortcoming.

Check out the screen capture from a Wechat app user who received SMS text message from a fake base station.

SMS screenshot / Image Source: McAfee

The message reads that the mobile bank account is unavailable and the recipient of the message is redirected to fake websites.

These fake websites appear as the bank’s web interface and asks the user to input bank account number, mobile phone number and of course, the bank account login password.

The information is said to help the user register the mobile phone’s bank features.

Here we are showing you the difference between fake interface and actual interface of the bank.

Screenshot showing fake and actual interface of the bank / Image Source: McAfee

Obviously, when the user enters these details, the attacker steals money from the account.

The problem is that this new SMS phish campaign uses the official number of the bank and hence, it appears to be authentic.

These malicious text messages have been labeled as SMS/Smishing.D. by Intel Security and McAfee Mobile Security.

So if you are dealing with Chinese banks just be careful and don’t fall for this scam.

Related Posts