“SMS” Phishing on the Rise: A Growing Threat in Malaysia

In recent years, Malaysia has witnessed a surge in “SMS” phishing (also known as smishing) attacks. These deceptive messages target unsuspecting individuals via text messages, luring them into revealing sensitive information or clicking on malicious links. Let’s delve into the key aspects of this growing threat:

1. The Prevalence of SMS Phishing

According to a survey conducted by international market research firm Ipsos, more than two-thirds of Malaysians (76%) have encountered scams at some point in their lives. Among the communication channels exploited by scammers, phone calls and WhatsApp applications take the lead. SMS phishing accounts for a significant portion, with 56% of respondents reporting such incidents. The remaining channels include Facebook (31%), Telegram (30%), and SMS text (29%).

2. Evolving Tactics

The modus operandi of SMS phishing has evolved over time. Initially, scammers targeted traditional SMS messages, but as telcos in Malaysia began blocking SMS containing URLs, fraudsters adapted. Recent campaigns have shifted focus to Apple iMessage and Android RCS (Rich Communication Services), which technically aren’t SMS but operate within similar messaging platforms. Additionally, spoofed SMS via fake base transceiver stations (BTS) have emerged, further complicating the landscape.

3. The TNG eWallet Scam

Recently, the theme of SMS phishing has shifted from parcel services and telco-related scams to TNG eWallet. Victims receive messages claiming that their loyalty points are about to expire, urging them to redeem by clicking a link. However, these links lead to fraudulent websites designed to steal personal information, including campaigns aimed at hijacking Telegram accounts. The shift to TNG eWallet reflects scammers’ adaptability and their ability to exploit popular services.

4. Reporting and Awareness

Despite the prevalence of SMS phishing, fewer than half of victims report the incidents to authorities. The police receive the majority of complaints (62%), while other agencies like the Malaysian Communications and Multimedia Commission (MCMC), CyberSecurity Malaysia, and Bank Negara Malaysia receive fewer reports. Raising awareness and empowering the public with education and digital safeguards are crucial steps in combating this menace.

5. Indicators of Compromise

Indicators of Compromise (IOCs) for the latest campaign should include relevant and enriched indicators:

touchngo-z.top
globeih.top
globein.top
telkomsel-og.top
telkomsel-oj.top
maxis-l.top
globeig.top
emag-k.top
telkomsel-om.top
telkomsel-ok.top
ais-g.top
ais-h.top
ais-f.top
ais-d.top
globeij.top
etisalat-z.top
telkomsel-oz.top
telkomsel-on.top
telkomsel-ox.top
telkomsel-ov.top
telkomsel-os.top
telkomsel-oq.top
telkomsel-id.com
dpd-a.top
emag-q.top
dpd-c.xyz
dpd-a.vip
globeif.top
globeiv.top
globeix.top
globeid.top
globeia.top
globeic.top
globeiz.top
globeib.top
globeis.top
emag-w.top
telkomseip.top
telkomseie.top
telkomseit.top
telkomseiw.top
telkomsexx.top
telkomseiq.top
telkomseir.top
telkomseiy.top
telkomsexz.top
telkomsexc.top
telkomseio.top
telkomsexv.top
telkomseiu.top
maltapost-x.top
telkomselia.top
telkomselic.top
cambodiapostv.top
telkomselim.top
telkomselil.top
telkomselib.top
telkomselik.top
telkomselij.top
ais-j.top
telkomselin.top