Increased Reporting of Criminal Actors Use of Smishing to Solicit Information from Employees

Other | 06/02/2023

The FBI San Francisco Field Office, in coordination with the Office of Private Sector (OPS), prepared this Liaison Information Report (LIR) to inform private sector partners of recent smishinga attempts, sending text messages purporting to be from employees or company leadership to induce individuals to reveal personal information. Actors conducting this scheme typically try to elicit financial information, personal identifiable information (PII), credentials, or details about a company and/or its employees. The criminal threat actors in these instances are attempting to solicit and/or steal various types of information which could be used for financial gain, further intrusion at a company, additional targeting of employees, or other criminal acts. There has been an uptick in reporting of these schemes and there have been recent similar smishing attempts, including at least one instance in which an individual marketed a ‘phishing kit’b enabling the purchaser to harvest credentials. This LIR updates and provides examples building on the TLP-AMBER LIR "Trend in Cyber Criminals Using Vishing Campaigns for Financial Gain" dated 10 December 2020, which describes techniques used in vishingc campaigns and possible mitigation efforts.

To read more, please log in