• Chinese smish attack leak

    From Mike Powell@1:2320/105 to All on Sun Aug 10 09:02:58 2025
    Massive leak of over 115 million US payment cards caused by Chinese
    "smishing" hackers - find out if you're affected

    Date:
    Sun, 10 Aug 2025 05:04:00 +0000

    Description:
    A massive phishing campaign driven by mobile attacks and Telegram-based kits may have exposed over 115 million US cards without breaching banks directly.

    FULL STORY

    A wave of advanced phishing campaigns, traced to Chinese-speaking
    cybercriminal syndicates, may have compromised up to 115 million US payment cards in just over a year, experts have warned.

    Researchers at SecAlliance revealed these operations represent a growing convergence of social engineering, real-time authentication bypasses, and phishing infrastructure designed to scale.

    Investigators have identified a figure referred to as Lao Wang as the
    original creator of a now widely adopted platform that facilitates
    mobile-based credential harvesting.

    Identity theft scaled through mobile compromise

    At the center of the campaigns are phishing kits distributed through a
    Telegram channel known as dy-tongbu, which has rapidly gained traction among attackers.

    These kits are designed to avoid detection by researchers and platforms
    alike, using geofencing, IP blocks, and mobile-device targeting.

    This level of technical control allows phishing pages to reach intended
    targets while actively excluding traffic that might flag the operation.

    The phishing attacks typically begin with SMS, iMessage, or RCS messages
    using everyday scenarios, such as toll payment alerts or package delivery updates, to drive victims toward fake verification pages.

    There, users are prompted to enter sensitive personal information, followed
    by payment card data.

    The sites are often mobile-optimized to align with the devices that will receive one-time password (OTP) codes, allowing for immediate multi-factor authentication bypass.

    These credentials are provisioned into digital wallets on devices controlled
    by attackers, allowing them to bypass additional verification steps normally required for card-not-present transactions.

    Researchers described this shift to digital wallet abuse as a fundamental change in card fraud methodology.

    It enables unauthorized use at physical terminals, online shops, and even
    ATMs without requiring the physical card.

    Researchers have observed criminal networks now moving beyond smishing campaigns.

    There is growing evidence of fake ecommerce sites and even fake brokerage platforms being used to collect credentials from unsuspecting users engaged
    in real transactions.

    The operation has grown to include monetization layers, including pre-loaded devices, fake merchant accounts, and paid ad placements on platforms like Google and Meta.

    As card issuers and banks look for ways to defend against these evolving threats, standard security suites, firewall protection, and SMS filters may offer limited help given the precision targeting involved.

    Given the covert nature of these smishing campaigns, there is no single
    public database listing affected cards. However, individuals can take the following steps to assess possible exposure:

    Review recent transactions
    Look for unexpected digital wallet activity
    Monitor for verification or OTP requests you didn't initiate
    Check if your data appears in breach notification services
    Enable transaction alerts

    Unfortunately, millions of users may remain unaware their data has been exploited for large-scale identity theft and financial fraud, facilitated not through traditional breaches.

    Via Infosecurity

    ======================================================================
    Link to news story: https://www.techradar.com/pro/security/massive-leak-of-over-115-million-us-payment-cards-caused-by-chinese-smishing-hackers-find-out-if-youre-affected

    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
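An issuer-side view of the flow the article describes (an OTP relayed through the phishing page, then the card provisioned into a wallet on an attacker-held, "pre-loaded" device), as an added example that is not part of the original posts. The event tuples, the 5-minute window and the 3-card threshold are assumptions, and the sample data is constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

OTP_WINDOW = timedelta(minutes=5)  # assumed: a phished OTP is used within minutes
MIN_CARDS = 3                      # assumed threshold for a "pre-loaded" device

# Constructed sample events: (timestamp, event type, card token, wallet device id).
# The layout is hypothetical, not a real issuer or wallet-provider schema.
EVENTS = [
    ("2025-08-10T09:00:05", "otp_sent", "card-A", None),
    ("2025-08-10T09:01:10", "wallet_provisioned", "card-A", "dev-X"),
    ("2025-08-10T09:20:00", "otp_sent", "card-B", None),
    ("2025-08-10T09:20:40", "wallet_provisioned", "card-B", "dev-X"),
    ("2025-08-10T10:02:00", "otp_sent", "card-C", None),
    ("2025-08-10T10:04:30", "wallet_provisioned", "card-C", "dev-X"),
    ("2025-08-10T11:00:00", "otp_sent", "card-D", None),
    ("2025-08-10T11:00:50", "wallet_provisioned", "card-D", "dev-Y"),  # one card on one phone
    ("2025-08-10T12:00:00", "otp_sent", "card-E", None),
    ("2025-08-10T13:30:00", "wallet_provisioned", "card-E", "dev-X"),  # OTP too old to count
]


def suspicious_devices(events, window=OTP_WINDOW, min_cards=MIN_CARDS):
    """Return {device: [cards]} for devices that collected at least `min_cards`
    distinct cards, each provisioned within `window` after an OTP for that card."""
    last_otp = {}                       # card -> time of most recent OTP
    cards_by_device = defaultdict(set)  # device -> cards provisioned right after an OTP
    for ts, kind, card, device in sorted(events, key=lambda e: e[0]):
        when = datetime.fromisoformat(ts)
        if kind == "otp_sent":
            last_otp[card] = when
        elif kind == "wallet_provisioned":
            otp = last_otp.get(card)
            if otp is not None and when - otp <= window:
                cards_by_device[device].add(card)
    # A single card on a new phone is normal; many cards on one device is the signal.
    return {dev: sorted(cards) for dev, cards in cards_by_device.items()
            if len(cards) >= min_cards}


if __name__ == "__main__":
    for dev, cards in suspicious_devices(EVENTS).items():
        print(f"review {dev}: {len(cards)} cards provisioned right after OTPs: {cards}")
```

A match is a reason to review the device and its tokens, not proof of fraud; the threshold would need tuning against real provisioning data.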
  • From August Abolins@1:153/757.21 to Mike Powell on Sun Aug 10 15:09:00 2025
    Hello Mike Powell!

    ** On Sunday 10.08.25 - 09:02, Mike Powell wrote to All:

    The phishing attacks typically begin with SMS, iMessage,
    or RCS messages using everyday scenarios, such as toll
    payment alerts or package delivery updates, to drive
    victims toward fake verification pages.

    ..and there's the entry vector, "to drive victims to fake
    verification pages" I wouldn't trust any link from an
    unsolicited sms!

    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: My Westcoast Point (1:153/757.21)
  • From Mike Powell@1:2320/105 to August Abolins on Sun Aug 10 17:26:45 2025
    August Abolins wrote to Mike Powell <=-

    The phishing attacks typically begin with SMS, iMessage,
    or RCS messages using everyday scenarios, such as toll
    payment alerts or package delivery updates, to drive
    victims toward fake verification pages.

    ..and there's the entry vector, "to drive victims to fake
    verification pages" I wouldn't trust any link from an
    unsolicited sms!

    Yes, I do not, either, but apparently an alarming number of people still do!

    Mike


    ... Direct from the Ministry of Silly Walks
    --- MultiMail/DOS v0.52
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
  • From August Abolins@1:153/757.21 to Mike Powell on Sun Aug 10 20:45:00 2025
    Hello Mike Powell!

    ** On Sunday 10.08.25 - 17:26, you wrote to me:

    ..and there's the entry vector, "to drive victims to fake
    verification pages" I wouldn't trust any link from an
    unsolicited sms!

    Yes, I do not, either, but apparently an alarming number of people still do!

    And.. some messages might arrive "seemingly" from one's bank or
    other service company.. and those links could even be short
    URLs. ...that's also suspicious and a no-no.

    I guess there are plenty of people/victims out there who simply
    never hear about the danger of short urls and whether a legit
    service company even sends out sms notices or not.

    --
    ../|ug

    --- OpenXP 5.0.64
    * Origin: My Westcoast Point (1:153/757.21)
  • From Kurt Weiske@1:218/700 to Mike Powell on Mon Aug 11 08:51:50 2025
    Mike Powell wrote to August Abolins <=-

    ..and there's the entry vector, "to drive victims to fake
    verification pages" I wouldn't trust any link from an
    unsolicited sms!

    Yes, I do not, either, but apparently an alarming number of people
    still do!

    I think of the elderly, many of whom have discovered SMS. Thankfully,
    my mother when she was alive knew to reach out to me to confirm, but her
    best friend got burned at least twice responding to classic "urgent" SMS
    scams.

    It doesn't take many hits to make a venture like those profitable.



    --- MultiMail/Win v0.52
    * Origin: http://realitycheckbbs.org | tomorrow's retro tech (1:218/700)
  • From Mike Powell@1:2320/105 to KURT WEISKE on Tue Aug 12 10:11:01 2025
    Yes, I do not, either, but apparently an alarming number of people
    still do!

    I think of the elderly, many of whom have discovered SMS. Thankfully,
    my mother when she was alive knew to reach out to me to confirm, but her
    best friend got burned at least twice responding to classic "urgent" SMS scams.

    It doesn't take many hits to make a venture like those profitable.

    Yes, and unfortunately these types are really good at targeting the elderly.

    Mike


    * SLMR 2.1a * Does anybody here remember Vera Lynn?
    --- SBBSecho 3.28-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)