A new phishing service has been discovered that uses unique methods to reach iOS and Android users.
Discovered by researchers at Netcraft, the Phishing-as-a-Service (PhaaS) tool, called ‘Darcula’, stands out from the rest for its ability to contact victims via the Rich Communication Services (RCS) protocol in Google Messages and iMessage, instead of the regular Short Message Service (SMS).
They explain that there are two reasons for the move to RCS, the first being an improved perception of message legitimacy. Second, RCS messages are end-to-end encrypted, making it impossible to intercept or block messages based solely on message content.
Thousands of domains and IP addresses
Although it is impossible to say how many people received these smishing messages, we do know that they exist in over 100 countries around the world.
Hackers who sign up for the service can choose from over 200 phishing templates to impersonate dozens of organizations. After paying for a subscription, the attacker chooses one of many organizations to impersonate, spanning postal, financial, government, tax, telecommunications, airline, and utility services, and gets a dedicated phishing website complete with appropriately placed fonts and logo images.
Researchers say the phishing websites are of “high quality.”
“The Darcula platform has been used in a number of high-profile phishing attacks over the past year, including messages received on both Apple and Android devices in the UK, as well as a parcel scam impersonating the United States Postal Service (USPS) on Reddit /r/phishing,” the researchers explain in the article.
The PhaaS appears to have around 20,000 domains spread across 11,000 IP addresses. Over 100 new domains are added to the tool every day.
As always, the best way to prevent phishing is to use common sense. It’s best to be especially careful if the message is unexpected, sounds weird, or doesn’t seem to be true.
Via BleepingComputer
Learn more about TechRadar Pro