Phantom Security faced a sophisticated smishing campaign in which scammers, identified as a Chinese-language group, targeted users with fake USPS parcel delivery messages to obtain credit card details. Over 438,669 unique credit cards were compromised, with victims across the United States. The scam affected individual finances and potentially damaged the reputation of entities whose emails were associated with the scam, including universities and military or government bodies. The company's red team engineer, Grant Smith, managed to infiltrate and expose the operation, mitigating further damage by assisting USPS investigators and banks in protecting consumers from fraudulent activities.
Source: https://www.wired.com/story/usps-scam-text-smishing-triad/
TPRM report: https://scoringcyber.rankiteo.com/company/phantom-cyber-group
"id": "pha001081124",
"linkid": "phantom-cyber-group",
"type": "Cyber Attack",
"date": "8/2024",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': '438,669',
                        'industry': 'Cybersecurity',
                        'location': 'United States',
                        'name': 'Phantom Security',
                        'type': 'Company'}],
 'attack_vector': 'Phishing',
 'data_breach': {'number_of_records_exposed': '438,669',
                 'sensitivity_of_data': 'High',
                 'type_of_data_compromised': 'Credit card details'},
 'description': 'Phantom Security faced a sophisticated smishing campaign '
                'where scammers, identified as a Chinese-language group, '
                'targeted users with fake USPS parcel delivery messages to '
                'obtain credit card details. Over 438,669 unique credit cards '
                'were compromised, with victims spanning across the United '
                'States. The scam affected individual finances and potentially '
                'damaged the reputation of entities whose emails were '
                'associated with the scam, including universities and military '
                "or government bodies. The company's red team engineer, Grant "
                'Smith, managed to infiltrate and expose the operation, '
                'mitigating further damage by assisting USPS investigators and '
                'banks in protecting consumers from fraudulent activities.',
 'impact': {'brand_reputation_impact': ['Universities',
                                        'Military or government bodies'],
            'data_compromised': 'Credit card details',
            'payment_information_risk': 'High'},
 'initial_access_broker': {'entry_point': 'Fake USPS parcel delivery messages'},
 'motivation': 'Financial Gain',
 'post_incident_analysis': {'root_causes': 'Human trust in fake USPS parcel '
                                           'delivery messages'},
 'response': {'third_party_assistance': ['USPS investigators', 'Banks']},
 'threat_actor': 'Chinese-language group',
 'title': 'Phantom Security Smishing Campaign',
 'type': 'Smishing Campaign',
 'vulnerability_exploited': 'Human trust in fake USPS parcel delivery messages'}