Full Report
Good Wall Street Journal article on criminal gangs that scam people out of their credit card information: Your highway toll payment is now past due, one text warns. You have U.S. Postal Service fees to pay, another threatens. You owe the New York City Department of Finance for unpaid traffic violations. The texts are ploys to get unsuspecting victims to fork over their credit-card details. The gangs behind the scams take advantage of this information to buy iPhones, gift cards, clothing and cosmetics. Criminal organizations operating out of China, which investigators blame for the toll and postage messages, have used them to make more than $1 billion over the last three years, according to the Department of Homeland Security...
Analysis Summary
# Threat Actor: Unnamed China-Based Criminal Organizations
## Attribution & Identity
* **Identification:** Criminal organizations operating out of China.
* **Known Aliases:** Not provided; the article refers to the actors only by their location of operation.
* **Associated Groups:** No specific named groups are provided; the article speaks only of broad criminal organizations.
## Activity Summary
The profiled criminal organizations engage in large-scale financial fraud targeting individuals to steal credit card information. Investigators estimate these gangs have generated over **$1 billion in illicit revenue over the last three years** using these methods.
## Tactics, Techniques & Procedures
* **Social Engineering (T1566):** Employing text messages (SMS) impersonating legitimate entities to trick victims into revealing sensitive information.
  * Ploy examples: fake notices about past-due highway toll payments, unpaid U.S. Postal Service fees, or outstanding New York City Department of Finance traffic violations.
* **Payment Fraud/Card Cracking:** After obtaining credit card details, the actors use the stolen data to purchase goods.
* **Unique Technical Trick:** Using what the article calls an "ingenious trick", criminals in Asia load stolen card numbers into **Google and Apple Wallets** and share those wallet cards with operatives in the U.S., who use them for physical purchases.
## Targeting
* **Sectors:** General consumers/individuals, reached through impersonated everyday service notifications.
* **Geography:** U.S. residents, as evidenced by the references to the U.S. Postal Service, highway tolls, and the NYC Department of Finance. Purchasing appears coordinated between actors in China and operatives in the U.S.
* **Victims:** Unsuspecting members of the public targeted via SMS phishing/smishing.
## Tools & Infrastructure
* **Malware Families Used:** Not specified. The only delivery mechanism described is SMS, used to send the phishing messages.
* **Infrastructure:** Stolen card data is loaded into **Google and Apple Wallets** controlled from Asia, and those wallets are used for purchases executed by operatives in the U.S.
## Implications
This indicates a sophisticated, highly lucrative cross-border organized crime operation focused on leveraging digital payment ecosystems (like mobile wallets) to monetize stolen payment data, escalating the potential financial damage compared to simple online shopping fraud. The scale ($1B+ in 3 years) suggests significant established infrastructure.
## Mitigations
* **User Education:** Raise awareness of unsolicited text messages that demand immediate payment or allege violations from government or postal services.
* **Verification:** Counsel users never to click links or provide financial details in response to unexpected text messages; verify legitimacy directly through official websites or phone numbers.
* **Digital Wallet Security:** Because the actor exploits a weakness in the wallet card-provisioning and sharing process, users should stay vigilant about how cards are added to and shared from their mobile wallets.
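The following is an added example, not part of the article or this summary: a heuristic triage function that scores SMS text against the lure themes listed under Tactics, Techniques & Procedures (tolls, postal fees, traffic violations) and the "verify via official websites" mitigation. The keyword lists, the two-entry official-domain allowlist and the sample messages are all constructed for illustration.

```python
import re
from urllib.parse import urlparse
# Added illustration, not from the article: heuristic triage of SMS text for the
# lure themes the profile describes. Keyword lists and allowlist are constructed.
LURE_THEMES = {
    "toll": ("toll", "e-zpass", "ezpass", "turnpike"),
    "postal": ("postal service", "usps", "redelivery", "package"),
    "traffic_violation": ("traffic violation", "ticket", "department of finance", "citation"),
}
PAYMENT_PRESSURE = ("past due", "overdue", "pay now", "immediately", "final notice",
                    "penalty", "suspend", "within 24 hours", "fee")
OFFICIAL_DOMAINS = {"usps.com", "nyc.gov"}  # illustrative allowlist; extend per region
URL_RE = re.compile(r"https?://\S+|\b[\w.-]+\.(?:com|net|org|gov|top|xyz|cc|vip|info|icu)\b\S*", re.I)

def registered_domain(link: str) -> str:
    """Last two labels of a link's host, e.g. 'nyc.gov' for https://www.nyc.gov/finance."""
    if not link.lower().startswith(("http://", "https://")):
        link = "http://" + link
    host = (urlparse(link).hostname or "").rstrip(".")
    return ".".join(host.split(".")[-2:])

def score_smishing(text: str) -> dict:
    """Score 0-4: one point per independent signal; >= 3 marks the text suspicious.
    Heuristic only: a genuine notice can still score 2, so pair it with sender checks."""
    t = text.lower()
    reasons = []
    themes = [n for n, words in LURE_THEMES.items() if any(w in t for w in words)]
    if themes:
        reasons.append("lure theme: " + ", ".join(themes))
    pressure = [p for p in PAYMENT_PRESSURE if p in t]
    if pressure:
        reasons.append("payment pressure: " + ", ".join(pressure))
    bad_links = [l for l in URL_RE.findall(text) if registered_domain(l) not in OFFICIAL_DOMAINS]
    if bad_links:
        reasons.append("link to non-official domain: " + ", ".join(bad_links))
    if re.search(r"\bcard\b|payment (?:info|details)", t):
        reasons.append("requests payment details")
    return {"score": len(reasons), "suspicious": len(reasons) >= 3, "reasons": reasons}

# Constructed sample messages modelled on the lures quoted in the article.
SAMPLES = [
    "Final notice: your highway toll payment is past due. Pay now at https://toll-pay-secure.top/inv to avoid a penalty.",
    "USPS: your package is on hold. Pay the redelivery fee at usps-redelivery.cc and update your card.",
    "NYC Department of Finance: view your parking ticket at https://www.nyc.gov/finance",
    "Your dentist appointment is tomorrow at 10am. Reply C to confirm.",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(score_smishing(msg))
```

The two lure texts score 3 and 4 and are flagged, while the notice linking to nyc.gov scores only 1 because an official-domain link adds no point.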