SMS Phishing Campaign Spreads in China

Phishing messages and fake websites for stealing users’ credentials are a common occurrence. Recently, however, mobile banking users in China are facing a new wrinkle: phishing texts that appear to come from a major bank’s official number.

The GSM standard is not a secure network because the authentication between mobile phone and network goes in a single direction: The network checks the legality of the client, but client does not check the network. An attacker can take advantage of this to send mass text messages to mobile devices from a fake base station.

The following screen capture is from a user’s Wechat app. This SMS text message comes from a fake base station. The message appears to come from the service number of a famous bank in China:


The messages warns that a mobile bank account will become unavailable, and lead the potential victim to fake websites.

The bogus site pretends to be the web interface of the bank and “requires” users to input bank account, password, and mobile phone number to register the mobile phone’s bank features. The following images show the fake interface (left) and the legitimate interface (right) of the bank.


If a victim delivers the bank account, password, and mobile phone number, an attacker is much more likely to steal money from an account.

The key to this threat is that the SMS texts appear to come from the bank’s official number. This is an important point because most people trust messages that appear authentic. Unfortunately, this kind of message can be forged with a fake base station and an SMS mass-sending tool.

Threats vary considerably. In this case, you need to question even official phone numbers, websites, and other apparently authorized sources to avoid being cheated.

Intel Security, through McAfee Mobile Security, detects these malicious text messages as SMS/Smishing.D.


The post SMS Phishing Campaign Spreads in China appeared first on McAfee.