U.K. Arrest in ‘SMS Bandits’ Phishing Service

2021-02-01 15:21

The proprietors of the phishing service were variously known on cybercrime forums under handles such as SMSBandits, "Gmuni," "Bamit9," and "Uncle Munis." SMS Bandits offered an SMS phishing service for the mass sending of text messages designed to phish account credentials for different popular websites and steal personal and financial data for resale.

Sasha Angus is a partner at Scylla Intel, a cyber intelligence startup that did a great deal of research into the SMS Bandits leading up to the arrest.

Angus said the phishing lures sent by the SMS Bandits were unusually well-done and free of grammar and spelling mistakes that often make it easy to spot a phony message.

According to Scylla, the SMS Bandits made a number of operational security mistakes that made it relatively easy to find out who they were in real life, but the technical side SMS Bandits' operation was rather advanced.

SMS Bandits also provided their own "Bulletproof hosting" service advertised as a platform that supported "Freedom of speach" [sic] where customers could "Host any content without restriction." Invariably, that content constituted sites designed to phish credentials from users of various online services.

The SMS Bandits phishing service is tied to another crime-friendly service called "OTP Agency," a bulk SMS provider that appears catered to phishers: The service's administrator stated on multiple forums that he worked directly with the SMS Bandits.

News URL

https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/

#arrest #phishing