Smishing Triad brokerage-account phishing surges fivefold in Q2 2025
Target Trend
Summary
Brokerage accounts are seeing a sharp rise in smishing-driven credential theft, with attacks climbing fivefold in Q2 2025 versus the same period a year earlier. The shift increases the risk of banking credential and authentication code theft for financial-account holders. The targeting pattern is linked to phishing kits associated with the Smishing Triad, making brokerage users a more prominent fraud target.
Related Happenings
QR code phishing surged across email threats in Q1 2026
Target Trend
First: 05.05.2026 09:35
Last: 05.05.2026 09:35
Sources 1
About this happening:
**Q1 2026** email-threat telemetry shows **QR code phishing** and **CAPTCHA-gated phishing** rising quickly, increasing the risk of **credential theft** across **organizations**....
Tycoon 2FA-Storm-1747 ecosystem shift changes threat-actor operations
Threat Actor Meta
First: 05.03.2026 08:51
Last: 05.03.2026 08:51
Sources 1
About this happening:
**Tycoon2FA** has evolved from a **subscription-based PhaaS** into a more resilient phishing service that now supports **device-code phishing** against **Microsoft 365** accounts....
Latest development: 17.05.2026 17:43
eSentire says Tycoon2FA now uses device-code phishing to target Microsoft 365 accounts, with invoice-themed lure emails carrying Trustifi click-tracking URLs that redirect through Trustifi, Cloudflare Workers, obfuscated JavaScript layers, and a fake Microsoft CAPTCHA page before sending victims to microsoft.com/devicelogin. The kit also adds anti-analysis defenses, including detection of Selenium, Puppeteer, Playwright, and Burp Suite, plus blocks for security vendors, VPNs, sandboxes, AI crawlers, and cloud providers.
Record crypto-fraud losses rise with AI-driven impersonation
Target Trend
First: 14.01.2026 12:00
Last: 14.01.2026 12:00
Sources 1
About this happening:
**Cryptocurrency fraud** is surging as scammers use **AI chatbots** and **brand impersonation** to widen victim reach and raise payout sizes. A **Malwarebytes Labs** analysis foun...
China-based groups selling phishing-as-a-service kits for mobile-points smishing
Threat Actor Meta
First: 05.12.2025 01:02
Last: 05.12.2025 01:02
Sources 1
About this happening:
Multiple **China-based cybercriminal groups** are selling **phishing-as-a-service platforms** that reuse the same scam infrastructure across **mobile points**, **tax-refund**, and...
Smishing Triad evolves into a multi-role phishing-as-a-service ecosystem
Threat Actor Meta
First: 24.10.2025 21:35
Last: 24.10.2025 21:35
Sources 1
How related:
The adversarial collective is said to have evolved from a dedicated phishing kit purveyor into a "highly active community" that brings together disparate threat actors, each of whom plays a crucial role in the phishing-as-a-service (PhaaS) ecosystem.
About this happening:
**Smishing Triad** has evolved from a phishing-kit purveyor into a **multi-role phishing-as-a-service (PhaaS) ecosystem**, making its smishing operation more scalable and harder t...
Timeline
- 24.10.2025 21:35 · 2 articles
Smishing Triad phishing kits target brokerage accounts in a fivefold Q2 2025 surge
Initial Disclosure: Fortra reported that phishing kits associated with the Smishing Triad are increasingly targeting brokerage accounts to steal banking credentials and authentication codes, and that attacks against those accounts rose fivefold in the second quarter of 2025 compared with the same period in 2024.
- Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation — thehackernews.com — 24.10.2025 21:35