iPhone farms – banks of phones equipped with rotating temporary Apple IDs – are being used to send more 100,000 scam iMessages per day, found security researchers.
By using iMessages rather than texts, scammers can bypass spam and scam filters implemented by mobile carriers. Fraudsters don’t even need any technical skills to carry out their attacks, as there are companies offering phishing-as-a-service (PhAAS) …
Unpaid toll fees, shipping fees, and more scams
Common scams doing the rounds at present include fake demands for unpaid road toll fees; claims that shipping fees are needed to release valuable packages from Customs; and fictitious warnings about unpaid taxes.
These scams are commonly carried out via email and text message, and there’s a constant cat-and-mouse game between criminals and ISPs and mobile carriers seeking to detect suspicious text and links in order to block them.
iPhone farms sending scam iMessages
However, researchers at cybersecurity firm Catalyst have found that scammers are now turning to iMessage. Because these messages are encrypted, with networks unable to see the contents, they cannot be detected and blocked.
What makes things worse is they found a Chinese platform offering the use of their iPhone farms to anyone willing to pay.
Lucid is a sophisticated Phishing-as-a-Service (PhAAS) platform operated by Chinese-speaking threat actors, targeting 169 entities across 88 countries globally […]
Its scalable, subscription-based model enables cybercriminals to conduct large-scale phishing campaigns to harvest credit card details for financial fraud […] To enhance effectiveness, Lucid leverages Apple iMessage and Android’s RCS technology, bypassing traditional SMS spam filters and significantly increasing delivery and success rates.
The group behind Lucid even includes templates scammers can use to create convincing-looking replicas of websites for companies like courier services.
The XinXin group, known for developing Lucid and other PhAAS platforms, has been observed selling phishing templates designed to impersonate postal services, courier companies, road toll systems, and tax refund agencies.
Catalyst includes a low-quality photo (above) of one of these iPhone farms in use.
A Telegram group used to sell these PhAAS attacks has more than 2,000 members.
How to protect yourself
The main safeguard against phishing attacks is to never click on links sent in emails. Always use your own bookmarks, or type in a known URL.
It’s easy to make an email or message look like it originated from a legitimate company, so don’t trust apparently-known senders. Be especially suspicious of messages urging you to act quickly to avoid fines or see packages returned to their senders.
Highlighted accessories
Via Macworld. Photo via Catalyst on background by Uriel SC on Unsplash.
FTC: We use income earning auto affiliate links. More.
