Quick summary from the Smishing & Vishing front last week. NUMBERCOP tracked new targeted Smishing campaigns for Bank of America, Wells Fargo, Chase, BBVA Compass (Recording: bit.ly/1D2PO01), Alabama State Employee Credit Union and a continuation of NCUA’s (National Credit Union Association) debit card smishing.

The NCUA Smishing campaign used the associations reference only for it’s inbound IVR while text message lures were kept generic. While not targeted directly, this prompted alerts from a variety of CU’s incl. ICU Credit Union (MA), Regional FCU (IN), Peoples Bank (WI), Cape Cod Cooperative Bank (MA), Peoples Advantage FCU (VA), Security Credit Union (MI) and Wesla FCU (LA).

Most of last weeks action however was in Canada. With tax season in its final stretch Phishers targeted the Canada Revenue Agency (Canadian IRS) in a massive Smishing campaign driving traffic to a very high quality phishing site with links to 6 (fake) Canadian bank logins (ATB, BMO, CIBC, HSBC, RBC, TD Bank, Scotiabank, Laurentian Bank, Manulife Bank, National Bank and President’s Choice Financial). That same site also received traffic from a separate TD Bank Smishing campaign. Enough for prime time news about Smishing all over Canada last week.

Meanwhile in the UK NUMBERCOP collected further evidence of a widening Natwest’s Smishing campaign, which has now expanded to Lloyds Bank. With nearly identical syntax compared to Natwest this campaign hijacked (or spoofed) once again previously legit Sender IDs (Alphanumeric Shortcodes).

A few weekly samples below, please contact us for API access & live coverage.