Phantom Security faced a sophisticated smishing campaign where scammers, identified as a Chinese-language group, targeted users with fake USPS parcel delivery messages to obtain credit card details. Over 438,669 unique credit cards were compromised, with victims spanning across the United States. The scam affected individual finances and potentially damaged the reputation of entities whose emails were associated with the scam, including universities and military or government bodies. The company's red team engineer, Grant Smith, managed to infiltrate and expose the operation, mitigating further damage by assisting USPS investigators and banks in protecting consumers from fraudulent activities.
Source: https://www.wired.com/story/usps-scam-text-smishing-triad/
"id": "pha001081124",
"linkid": "phantom-cyber-group",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"