Cybercriminals are adopting new techniques to execute phishing scams, utilizing encrypted messaging services like Rich Communication Services (RCS) and Apple iMessage. This strategic shift allows them to circumvent traditional SMS filters, posing a greater threat to users’ financial security.
Evolution of Phishing Tactics
Historically, phishing relied on SMS messages, which are increasingly being blocked by carrier-level security measures. In response, threat actors have shifted to more sophisticated methods, using RCS and iMessage to deliver malicious links directly to phones. These channels’ encryption makes it challenging for security tools to detect and block such messages.
This development signifies a leap in phishing sophistication, as attackers aim for comprehensive control over victims’ financial accounts. The objective extends beyond stealing login details to executing unauthorized transactions, including ATM withdrawals and contactless payments, through a device the victim never interacts with.
Chinese-Language Phishing Ecosystem
According to a Google Threat Intelligence Group (GTIG) report shared with Cyber Security News, numerous phishing-as-a-service (PhaaS) platforms have emerged within the Chinese-language cybercrime ecosystem. These platforms are highly organized, making it easier for criminals to participate in credential theft on a large scale.
While Russian-speaking groups have traditionally dominated the PhaaS landscape, the rise of Chinese-language services demonstrates a growing competitive presence. These services operate independently, with unique structures and targets, and are notorious for openly discussing their illicit profits on platforms like Telegram.
Technical Evasion and Financial Exploitation
Phishing messages sent via RCS and iMessage appear more legitimate to the average user because of their polished presentation, including read receipts and high-resolution images. This perceived legitimacy increases the likelihood of user interaction, helping attackers bypass multifactor authentication through real-time interception of one-time passwords (OTPs).
The latest phishing operations focus on digital wallet provisioning, enabling attackers to load a victim’s payment card onto an attacker-controlled device. Once tokenized there, the card can be used for high-value transactions without the physical card ever being present, posing significant fraud risks.
A notable platform, YY Lai Yu, active since August 2024, offers extensive phishing templates targeting users globally. Experts recommend integrating FIDO2/WebAuthn authentication to counter OTP interception. Financial institutions should enhance security with risk-based verification and device fingerprinting during digital wallet setup to mitigate credential misuse.
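To make the recommended risk-based verification concrete, here is an added illustration (not from the GTIG report or any bank's or vendor's code) of a provisioning risk scorer that combines device fingerprinting, geolocation, session freshness and cross-account device velocity to decide whether a wallet-provisioning request is allowed, stepped up to a phishing-resistant check, or denied. The field names, weights, thresholds and sample accounts are assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass
class ProvisionRequest:
    """One request to add a payment card to a mobile wallet (field names are assumed)."""
    account: str
    device_fp: str       # fingerprint of the device asking to provision the card
    ip_country: str
    home_country: str
    requested_at: int    # Unix seconds
    last_login_at: int   # Unix seconds of the latest successful login/OTP session

class ProvisioningRiskEngine:
    """Scores wallet-provisioning requests; weights and thresholds are illustrative."""
    def __init__(self, known_devices):
        self.known_devices = known_devices   # account -> fingerprints it has used before
        self.device_accounts = {}            # fingerprint -> accounts it has provisioned

    def evaluate(self, req):
        score, reasons = 0, []
        if req.device_fp not in self.known_devices.get(req.account, set()):
            score += 40                      # card never seen on this device
            reasons.append("new_device")
        if req.ip_country != req.home_country:
            score += 20
            reasons.append("geo_mismatch")
        if req.requested_at - req.last_login_at < 600:
            score += 20                      # right after a (possibly phished) OTP login
            reasons.append("fresh_session")
        seen = self.device_accounts.setdefault(req.device_fp, set())
        seen.add(req.account)
        if len(seen) > 1:
            score += 40                      # one device loading cards from several accounts
            reasons.append("multi_account_device")
        # step_up: confirm via a channel an OTP relay cannot proxy, e.g. a FIDO2 passkey in the bank app
        decision = "deny" if score >= 80 else "step_up" if score >= 40 else "allow"
        return decision, score, reasons

# Constructed sample data (not real accounts or devices).
KNOWN_DEVICES = {"acct-1001": {"fp-ios-aa11"}, "acct-1002": {"fp-android-bb22"}}
T0 = 1_736_942_400   # arbitrary reference timestamp

def run_sample():
    engine = ProvisioningRiskEngine(KNOWN_DEVICES)
    requests = [
        ProvisionRequest("acct-1001", "fp-ios-aa11", "US", "US", T0, T0 - 7200),          # owner on known phone
        ProvisionRequest("acct-1001", "fp-android-cc33", "US", "US", T0 + 60, T0),        # new device, minutes after login
        ProvisionRequest("acct-1002", "fp-android-cc33", "US", "US", T0 + 120, T0 + 30),  # same device, second account
    ]
    return [engine.evaluate(r)[0] for r in requests]  # ['allow', 'step_up', 'deny']
```

The third request shows the velocity signal that matters most for the wallet-provisioning pattern described above: a single device fingerprint attempting to load cards from more than one account is denied outright rather than merely stepped up.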