📱Smishing Slows, Quishing Quickens 🎣
Sick of smishing and those pesky parking/toll texts? Don’t get caught by crafty, counterfeit court QR codes — it’s a scan-and-scam! 💳 🚨
North American cell phone users are being hit with yet another wave of smishing campaigns that now include quishing elements. Likely orchestrated by Chinese-speaking threat actors, this latest campaign builds on previous vehicular violations, evolving tactics while impersonating US courts. 🧑⚖️
We’ve recently seen a flurry of SMS messages pushing parking violations — but with a twist: face justice in court… or scan and pay instead!
Delivered as an official-looking image, the actor has begun integrating QR codes into these lures to help mask suspicious phishing URLs, baiting victims into entering personal information, credentials, and ultimately making payments.
For some, this lure may sound better than facing justice for their perceived poor parking. Victims who don't comply are warned that failure to appear or pay could have serious repercussions - a scare tactic designed to push you toward a hasty decision and scanning the QR code! 🫣
We uncovered thousands of these nefarious domains, through their use of Registered Domain Generation Algorithms (RDGAs) and local government impersonation, hosted across a diverse range of hosting providers to evade takedown.
Recent examples:
⛔ ahfgx[.]icu
⛔ euoyq[.]icu
⛔ htpze[.]icu
⛔ mwlaj[.]icu
Friendly reminder - courts don't usually communicate with you via text. That said, we suspect this actor will continue to evolve, expanding their global reach and diversifying lures while improving tradecraft used in smishing and quishing delivery. As for us, we'll take our chances on evading that bench warrant and running from the law. 🏃♂️➡️
#dns #threatintel #threatintelligence #cybercrime #cybersecurity #infosec #infoblox #infobloxthreatintel #phishing #smishing #quishing
