Package delivery failure under scrutiny: examination of SMS card fraud issues
SMS messages, sent from untraceable numbers, often claiming to be from La Poste or Chronopost and asking for unexpected payments, are nothing new. These scam messages typically lead to shady links, impersonating the official delivery company websites, all with an end goal—to steal your banking details for fraudulent purposes.
The "Darcula Unveiled" probe, armed with data from security firm Mnemonic andshared with Norwegian television station NRK, Bavarian radio station Bayerische Rundfunk, and Le Monde, exposes some of these scams. Behind them lie a network of Telegram groups, where cybercriminals or aspiring identity thieves swap tips, jokes, and flaunt their luxurious goods. A shadowy world thrives around this lucrative activity—the selling of phishing services, or "phishing as a service" (PhaaS).
Jean (pseudonym used for confidentiality) fell victim to such a scam one spring in 2024. A phony La Poste text message tricked him into entering his banking info on a fake site, costing him 700 euros before he realized he'd been scammed. His personal details, including address and banking info, were promptly passed on to a hacker.
Explore the investigation | Article for subscribers Exposé on the "Saphir" network, an international investment fraud
You have 83.97% of this article left to read. The remainder is reserved for subscribers.
Enrichment Insights:
- PhaaS Operations and Telegram Groups: Investigations expose PhaaS operations that frequently employ Telegram to coordinate their efforts. Groups like Darcula have shown evidence of sharing pictures of their infrastructure and lavish lifestyles funded by phishing scams, along with tips and resources[1].
- SheByte Phishing Service: Another significant PhaaS player is SheByte, utilizing Telegram for branding and supplying phishing kits. After LabHost shutdown, SheByte has been found targeting Canadian financial institutions with customizable phishing pages[2].
- Smishing Campaigns: A Chinese eCrime group known as Smishing Triad has orchestrated widespread smishing campaigns across various countries, targeting victims through SMS phishing messages. However, no specific mention of targeting La Poste or Chronopost directly through Telegram groups has been made in documented data[4].
In response to your query, while no evidence of La Poste or Chronopost targeting through Telegram groups has been found in the available information, it highlights the capacity for similar scams to spring up within the logistics and delivery sectors. The dynamic nature of cybercrime, such as smishing campaigns, represents a constant threat to various industries, making it essential to stay vigilant and protect one's personal information.
- The "Darcula Unveiled" probe, uncovering a network ofTelegram groups, showcases how cybercriminals use such platforms to organize phishing scams, including impersonating delivery companies like La Poste and Chronopost.
- Despite the investigation not providing specific evidence of La Poste or Chronopost targeting through Telegram groups, it suggests that similar scams could potentially manifest within the logistics and delivery sectors.
- general-news outlets have reported that "PhaaS", or Phishing as a Service, has become increasingly popular among identity thieves, often utilizing Telegram groups to exchange tips and resources.
- Crime-and-justice reports usually emphasize the hazards of clickbait links in SMS messages that claim to be from delivery companies like La Poste and Chronopost, leading to phishing scams aimed at stealing personal information.
