Find notable cyber news and cases, enriched with sources, timelines, and signals.
Home Browse News Feed Stats Watchlists Beta About Contact

China-based smishing and fake e-commerce phishing campaign

Campaign
First reported
Last updated
Happening score
H score 33
1 unique sources, 1 articles

Summary

Hide ▲

A China-based phishing campaign has escalated into mass-registered scam domains and SMS lures for rewards points, tax refunds, and fake retail deals, increasing risk for U.S. consumers during the holiday shopping season. The operation uses iMessage and RCS to deliver links that harvest names, addresses, phone numbers, and payment card data. It then tries to enroll stolen card details into Apple or Google mobile wallets, creating a direct path to unauthorized charges and account abuse.

Related Happenings

AccountDumpling Google AppSheet Facebook phishing campaign

Campaign
First: 01.05.2026 21:09 Last: 01.05.2026 21:09 Sources 1

About this happening: A **Vietnamese-linked** operation dubbed **AccountDumpling** is using **Google AppSheet** as a phishing relay to steal **Facebook** credentials, enabling account takeover at scale...

Open Happening

FakeWallet Apple App Store wallet-stealing apps

Malware Activity
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** app set turned the **Apple App Store** into a delivery channel for **26 malicious wallet lookalikes**, putting crypto holders at risk of account takeover and th...

Open Happening

FakeWallet crypto wallet phishing campaign targeting users in China

Campaign
First: 21.04.2026 00:52 Last: 21.04.2026 00:52 Sources 1

About this happening: The **FakeWallet** campaign is actively distributing **26 malicious apps** that impersonate crypto wallets and steal **seed phrases**, putting **users in China** at immediate risk...

Latest development: 24.04.2026 14:48

Kaspersky said the FakeWallet campaign is gaining momentum with new tactics, including phishing apps published in the Apple App Store, cold wallet impersonation, and phishing notifications, and suspected it may be the work of threat actors linked to SparkKitty because some infected apps use OCR to steal wallet recovery phrases and the two campaigns share native Chinese-speaking operators and cryptocurrency targeting.

Open Happening

Apple account change notification phishing campaign

Campaign
First: 19.04.2026 19:03 Last: 19.04.2026 19:03 Sources 1

About this happening: A **callback phishing campaign** is abusing **Apple account change notifications** to deliver fake **iPhone purchase** scams through legitimate emails, making the lure look authen...

Open Happening

TikTok for Business phishing campaign using Turnstile and reverse proxy

Campaign
First: 26.03.2026 16:09 Last: 26.03.2026 16:09 Sources 1

About this happening: A **phishing campaign** is targeting **TikTok for Business accounts** and uses **Cloudflare Turnstile** to block automated analysis before exposing a **reverse-proxy** credential-...

Open Happening

Timeline

  1. 05.12.2025 01:02 2 articles · 5mo ago

    China-based phishing campaign widens from package scams to mobile-wallet and fake retail lures

    Campaign Scope Update

    China-based phishing groups are using a broader mobile phishing operation that includes T-Mobile rewards-point lures, AT&T targeting, and U.S. state tax-refund spoofing. The same kits also mass-create fake e-commerce storefronts that collect names, addresses, phone numbers, payment card data, and one-time codes, then attempt to enroll the phished cards in Apple or Google mobile wallets. The phishing messages are delivered through Apple’s iMessage service and Google’s RCS messaging service, and the fake retail sites can be advertised on Google and Facebook and remain hard to detect for long periods.

    Show sources
    Open in new tab