Thai Scammers Sent Over a Million Phishing SMS Messages from a Van

By Ava McKinneyOnline Safety

Thai Scammers Sent Over a Million Phishing SMS Messages from a Van

The Thai police have reported the discovery of a van used by scammers to send mass phishing SMS messages, and have arrested its driver, a 35-year-old Chinese national. The van was equipped with a device capable of sending over 100,000 phishing SMS messages per hour, targeting residents of Bangkok. The device had a range of about three kilometers and, according to investigators, was used to send nearly 1,000,000 SMS messages over three days.

The messages claimed, “Your 9268 points are about to expire! Hurry and claim your gift now.” Each message included a link to a phishing website containing the word “aisthailand” in its address, making it appear as if it belonged to Advanced Info Service (AIS), Thailand’s largest mobile operator.

Users who clicked the phishing link were taken to a page that requested their bank card information. This data was then stolen by the scammers and used for unauthorized transactions in other countries.

How the Scam Was Uncovered

Experts from AIS assisted the police in locating the SMS broadcasting device, though the mobile operator has not disclosed details about how this was accomplished. The scam group operated both inside Thailand and abroad, coordinating their actions through private Telegram channels where they also crafted the text for the phishing SMS messages.

In addition to the arrested van driver, who managed the mass messaging equipment, police are searching for at least two more members of the group.

Technical Details and Security Vulnerabilities

Such attacks are possible due to long-known vulnerabilities in mobile communication standards. For example, while mobile devices are required to authenticate themselves to networks using IMSI, the networks are not required to authenticate themselves in return. As a result, devices that connect to a fake base station can immediately receive phishing messages.

Base station emulators, commonly used for intercepting connections, are known as IMSI-catchers or Stingrays. These devices mimic cell towers, forcing nearby devices to connect to them. IMSI-catchers are sometimes used by law enforcement for triangulating target devices or even intercepting their communications.

Similar Incidents

A similar case occurred in December 2022, when French police discovered an IMSI-catcher being transported around Paris by a woman. This device was used to send messages urging Parisians to share their personal information on a fake health insurance website. It was later revealed that the same group was linked to another IMSI-catcher, which was moved around the city in an old ambulance.

Leave a Reply