Phishing
Threat Summary
Lookout
Crimeware
July 1, 2019

Lookout Phishing AI Discovers Mobile-Only Banking Campaign

Key Facts

  • This is a mobile-only phishing campaign.
  • Works by guiding bank customers through false account validation.
  • All institutions with potentially affected customers were notified upon discovery.

Background and Discovery Timeline

In early 2020, Lookout Phishing AI discovered a malicious phishing campaign targeting North American banking and financial institutions with a particular focus on customers of Canadian-based organizations. The campaign clearly targets mobile users, as it spreads via SMS messages and leads users to fake login pages built for mobile browsers. The back end of the campaign shows that the attacker built a tool to easily blast an SMS message to as many phone numbers as they want, which further indicates a mobile-first attack strategy.

Capabilities and Affected Parties

Lookout researchers dove deeply into this campaign and were able to access the front-end platform that the attackers used to blast SMS messages to potential victims. These messages contain links to fake login pages that appear legitimate. If the victim is tricked, the attacker steals banking credentials by guiding the victims through a number of security questions such as verifying their account number or asking for their card’s expiration date. With that information, they can easily surpass security questions and steal from the victim’s account.

Authors

No items found.
Threat Type
Phishing
Entry Type
Threat Summary
Discovered By
Lookout
Threat Type
Crimeware
Platform(s) Affected
Phishing
Threat Summary
Lookout
Crimeware

Related Content

MOONSHINE: Evolving Android Surveillanceware by Chinese APT POISON CARP To Target Tibetans and Uyghurs

MOONSHINE is a family of Android surveillanceware that is attributed to the Chinese-backed hacking group POISON CARP, also known as Evil Eye and Earth Empusa.

Read Threat Article

CVE-2023-7024

Google recently disclosed a critical vulnerability in Chromium that adversely affects both Google Chrome and Microsoft Edge browsers across desktop and mobile devices.

Read Threat Article

Robin Banks Phishing Kit Uses MFA Bypass to Target Financials and Crypto

Robin Banks Phishing as a Service is a sophisticated phishing kit that can circumvent MFAs and has been used to target financial institutions and cryptocurrency exchanges.

Read Threat Article

Stop Cyberattacks Before They Start With Industry-Leading Threat Intelligence.

Schedule Demo
HeaderHeaderHeaderHeader
CellCellCellCell
CellCellCellCell
CellCellCellCell
CellCellCellCell