Smishing Triad expanding SMS phishing campaign
Campaign
Summary
Hide ▲
Show ▼
The Smishing Triad is expanding a SMS phishing and fraud campaign that uses impersonation domains to steal data from individuals and organizations. The operation now mimics Fawry, Egypt Post, Careem, UnionPay and TikTok, broadening its lure set across consumer, payment and service brands. It also relies on Telegram promotion and customizable smishing kits that can be deployed quickly to virtual servers, increasing scale and speed.
Related Happenings
India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled
Public Sector Action
H score71
First: 17.06.2026 16:12
Last: 17.06.2026 16:12
Sources 1
About this happening:
India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...
India's Ministry of Electronics and Information Technology acting under Section 69A of the IT Act Restricted access to Telegram nationwide and ordered message-editing disabled
Public Sector ActionAbout this happening: India's **Ministry of Electronics and Information Technology** ordered a **nationwide Telegram restriction** under **Section 69A** through **June 22**, adding a separate requireme...
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor Meta
H score69
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Outsider Enterprise-Outsider-Chinese cybercrime alliance reshapes ransomware ecosystem operations
Threat Actor MetaAbout this happening: The **Outsider Enterprise** is a **Chinese phishing-as-a-service** operation that used **Telegram**, **AI**, and distributed phishing kits to run large-scale brand-impersonation c...
Outsider Telegram-run smishing campaign targeting Americans
Campaign
H score53
First: 12.06.2026 21:59
Last: 12.06.2026 21:59
Sources 1
About this happening:
The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Outsider Telegram-run smishing campaign targeting Americans
CampaignAbout this happening: The **Outsider Enterprise** happening is a **phishing-as-a-service** campaign tied to a **Chinese cybercrime network** that used **AI** and distributed phishing kits to impersonat...
Latest development: 14.06.2026 17:36
The FBI, working with Google and Black Lotus Labs, dismantled Outsider Enterprise, a Chinese phishing-as-a-service operation that used AI and distributed phishing kits to impersonate trusted brands in texts sent through AT&T, T-Mobile and Verizon. The takedown included seizures of administration servers, a Shopify e-commerce storefront, a testing account, around $100,000 USDT and a Telegram bot linked to the service, while Google pursued civil action and coordinated with carriers to block fraudulent messages.
AI-assisted Truman Show investment fraud campaign
Campaign
H score33
First: 09.01.2026 13:00
Last: 09.01.2026 13:00
Sources 1
About this happening:
The **Truman Show** operation is an **AI-assisted investment fraud campaign** that uses **fake personas** and **attacker-controlled infrastructure** to lure victims into crypto sc...
AI-assisted Truman Show investment fraud campaign
CampaignAbout this happening: The **Truman Show** operation is an **AI-assisted investment fraud campaign** that uses **fake personas** and **attacker-controlled infrastructure** to lure victims into crypto sc...
TrickyWonders Wonderland distribution campaign targeting Uzbekistan users
Campaign
H score32
First: 22.12.2025 08:11
Last: 22.12.2025 08:11
Sources 1
About this happening:
The **TrickyWonders** campaign is distributing **Wonderland** through fake **Google Play** pages, **Facebook** ads, dating-app lures, and **Telegram**, expanding risk to **users i...
TrickyWonders Wonderland distribution campaign targeting Uzbekistan users
CampaignAbout this happening: The **TrickyWonders** campaign is distributing **Wonderland** through fake **Google Play** pages, **Facebook** ads, dating-app lures, and **Telegram**, expanding risk to **users i...
Timeline
-
25.11.2025 18:00 2 articles · 7mo ago
Smishing Triad expands fraudulent domains and Telegram smishing kits
Initial DisclosureDark Atlas identified a growing cluster of fraudulent domains impersonating Fawry, Egypt Post and Careem, and linked the broader Smishing Triad operation to additional pages spoofing UnionPay, TikTok and other services on shared hosting in AS132203 associated with Tencent’s facilities. The campaign relies on Telegram promotion and customizable phishing-as-a-service kits that can be rapidly deployed to virtual servers and automatically unpacked with templates for DHL, Evri, UPS, AT&T, Movistar, Vodafone, USPS, GOV.UK and Egypt Post. The same advisory also associates Darcula and Darcula 3.0 with large-scale spoofed domains, anti-detection features, a card-cloning tool and AI-driven automation.
Show sources
- Smishing Triad Impersonation Campaigns Expand Globally — www.infosecurity-magazine.com — 25.11.2025 18:00
- Smishing Triad Impersonation Campaigns Expand Globally — www.infosecurity-magazine.com — 25.11.2025 18:00