Ford Merrill Presents on the Evolving Tactics of Widespread Smishing Crime at M3AAWG’s 63rd General Meeting
Posted by the M3AAWG Content Manager

Ford Merrill, the Senior Director of Research and Innovation at SecAlliance (a CSIS Security Group company), revealed the complex inner workings and evolving tactics of a Chinese-language smishing group with over 4,000 members at the Messaging, Malware, and Mobile Anti-Abuse Working Group (M3AAWG) 63rd General Meeting in Lisbon, Portugal, earlier this month.

His presentation, titled “Deep Dive Into a Massive Chinese Smishing Syndicate,” was also referenced in the highly influential Krebs on Security blog, further underscoring Merrill’s world-class expertise regarding the operations of this smishing group, whose reach is remarkable. Nearly everyone with a mobile device has likely either been directly exposed to these scams or knows someone who has experienced them over the past year or so.

“Having a speaker with this level of insight into such a ubiquitous and quickly evolving scam allows the cybersecurity community a strong chance at keeping pace with these menacing figures that cause financial ruin for innocent people and institutions throughout the world,” said Amy Cadagin, M3AAWG Executive Director.

Importance of Confidentiality

Having experts like Merrill speak candidly about these matters at M3AAWG General Meetings, a platform with strict confidentiality parameters, has become increasingly vital given the methods of scammers. Disclosing information about scammer resources requires caution, as phishers are known to quickly fix vulnerabilities once reports on their tactics, intended to educate the crime-fighting community, are made public.

In-person forums provide a safer venue for the exchange of vital intelligence than publicly issued reports or documents, which are almost certain to be seen by bad actors who will tailor their resources and behavior accordingly.

“These actors have been innovative in every aspect of evolving fraud for the modern age. We believe they are responsible for billions of dollars in losses globally via advanced phishing campaigns and their pioneering the use of Digital Wallets for monetization and money laundering,” Merrill said.

The Chase to Stop Scammers

Theft of credit card data was previously deterred by advances in chip-based technology on payment terminals. Yet scammers have pivoted to utilizing phished card data within mobile wallets, as referenced in Merrill's presentation and the Krebs on Security blog.

Today, these scams arrive in droves under the guise of services looking to deliver parcels, toll road operators seeking unpaid tolls, and similar social engineering tactics. Scammers can disguise their methods to such an extent that a victim will link their credit card data from an Apple or Google-based mobile wallet directly to the scammer’s control.

As Merrill took meeting attendees on a deep dive into the underlying digital organization and ingenuity of these scams, they learned about:

  • The scam’s lifecycle, tactics, techniques, procedures, cashout mechanisms, targeted victim organizations, and the history of one of the most prolific mega-actors behind the massive package redelivery phishing spam we all receive.
  • A phishing kit analysis with technical details about its contents, capabilities, deployment, and weaknesses.
  • Additional quantitative and qualitative information about the scale of fraud and its infrastructure.

“Having the opportunity to present these findings in person is incredibly important because the people in the room at M3AAWG meetings are exactly the type of individuals we want to fully educate on these matters; they have the power to help us fight back,” Merrill said.

Get Involved

Check out our slate of upcoming M3AAWG General Meetings and be sure to keep the conversation going by exploring M3AAWG Priorities and Focus Areas and discovering ways you can get involved in strengthening the fight back against these online criminals.

The views expressed in DM3Z are those of the individual authors and do not necessarily reflect M3AAWG policy.