Operators of the ‘SMS Bandits’ Services Arrested in the U.K.

  • The young operator of the ‘SMS Bandits’ smishing service has been arrested, and more may follow up soon.
  • The hacker wasn’t careful enough with his online presence, especially on the clearnet side of the web.
  • The smishing campaigns backed by the service were supported by good English and careful operations.

U.K.’s National Crime Agency (NSA) has confirmed that the operator of the ‘SMS Bandits’ service has been arrested, and while they didn’t give away a name, they told the press that it’s a 20-year-old man from Birmingham. The particular platform was sending out large volumes of smishing (phishing SMS), taking advantage of anything that happened to be hot during that period of time, including tax revenue agencies, COVID-19 pandemic relief, PayPal, telecom providers, utility providers, shipping firms, etc.

Source: Krebs on Security

As reported by Krebs on Security, there are several users associated with the phishing service, posting promotional messages on various cybercrime forums as “SMSBandits,” “Gmuni,” “Bamit9,” and “Uncle Minus.” It is not clear if these handles were all controlled by the Birmingham youngster or if more people are involved in the operation, but we guess that this is one thing that will be cleared out through the investigation that’s currently still underway.

The law enforcement authorities managed to trace down the person by considering a set of key factors. First, the quality of the smishing messages indicated the involvement of a native English speaker. Secondly, the operator promoted his Birmingham-based freelancer account offering web developer and software developer services, using the “smsbandits” moniker. This was overly naive and an elementary mistake, really, yet it is the very thing that gave the operator away.

Source: Krebs on Security

On the telecom front, the phishing platform was actually doing a lot better. They verified that the phone number lists provided by their clients pointed to mobile devices, not landlines, and avoided sending out messages in a bulk manner, essentially minimizing the risk of raising any alarms about spam activities on the telcos.

In addition to the smishing service, SMS Bandits offered a “bulletproof” hosting service, an “auto-shop” for unloading stolen account credentials, and also a bulk SMS provider named ‘OTP Agency.’ So, all in all, the man’s activity and presence on the dark web were quite extensive.

Source: Krebs on Security

While the arrest of the ‘SMS Bandits’ operator isn’t going to bring any noticeable difference on the volume of smishing messages that fly around daily, it is going to create a hole in the high-quality offerings in that field. Running smishing campaigns that are free of grammar and spelling errors is characteristically rare, and native speakers who dare to enter that space stand out like flies in buttermilk.

REVIEW OVERVIEW

Latest

How to Watch Two Shallow Graves: The McStay Family Murders Online From Anywhere

If you enjoy crime documentaries, we have a recommendation for you as Investigation Discovery has just released a brand-new limited docu-series. It...

How to Watch Beat Shazam Season 5 Online From Anywhere

The game show that will have you on your feet is set to launch a new season pretty soon, and we have...

How to Watch Don’t Forget the Lyrics! Online From Anywhere 

It's summer, so game shows are on! The newest addition to the list comes from Fox, and it's a revival of a...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari