Operators of the ‘SMS Bandits’ Services Arrested in the U.K.

  • The young operator of the ‘SMS Bandits’ smishing service has been arrested, and more may follow up soon.
  • The hacker wasn’t careful enough with his online presence, especially on the clearnet side of the web.
  • The smishing campaigns backed by the service were supported by good English and careful operations.

U.K.’s National Crime Agency (NSA) has confirmed that the operator of the ‘SMS Bandits’ service has been arrested, and while they didn’t give away a name, they told the press that it’s a 20-year-old man from Birmingham. The particular platform was sending out large volumes of smishing (phishing SMS), taking advantage of anything that happened to be hot during that period of time, including tax revenue agencies, COVID-19 pandemic relief, PayPal, telecom providers, utility providers, shipping firms, etc.

Source: Krebs on Security

As reported by Krebs on Security, there are several users associated with the phishing service, posting promotional messages on various cybercrime forums as “SMSBandits,” “Gmuni,” “Bamit9,” and “Uncle Minus.” It is not clear if these handles were all controlled by the Birmingham youngster or if more people are involved in the operation, but we guess that this is one thing that will be cleared out through the investigation that’s currently still underway.

The law enforcement authorities managed to trace down the person by considering a set of key factors. First, the quality of the smishing messages indicated the involvement of a native English speaker. Secondly, the operator promoted his Birmingham-based freelancer account offering web developer and software developer services, using the “smsbandits” moniker. This was overly naive and an elementary mistake, really, yet it is the very thing that gave the operator away.

Source: Krebs on Security

On the telecom front, the phishing platform was actually doing a lot better. They verified that the phone number lists provided by their clients pointed to mobile devices, not landlines, and avoided sending out messages in a bulk manner, essentially minimizing the risk of raising any alarms about spam activities on the telcos.

In addition to the smishing service, SMS Bandits offered a “bulletproof” hosting service, an “auto-shop” for unloading stolen account credentials, and also a bulk SMS provider named ‘OTP Agency.’ So, all in all, the man’s activity and presence on the dark web were quite extensive.

Source: Krebs on Security

While the arrest of the ‘SMS Bandits’ operator isn’t going to bring any noticeable difference on the volume of smishing messages that fly around daily, it is going to create a hole in the high-quality offerings in that field. Running smishing campaigns that are free of grammar and spelling errors is characteristically rare, and native speakers who dare to enter that space stand out like flies in buttermilk.

Latest
How to Watch Junior Bake Off 2023 (Season 8) Online from Anywhere
Get ready to watch juniors show off their baking skills! Junior Bake Off 2023 (Season 8) is all set to be aired!...
How to Watch How I Met Your Father Season 2 Online from Anywhere
How I Met Your Father Season 2 is set to hit the screens pretty soon. We have the premiere date, plot, cast,...
How to Watch Better Date Than Never Online: Stream the Dating Docuseries from Anywhere
Are you a docuseries lover? If so, we have a piece of exciting news! Better Date Than Never, a new six-episode series,...
For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: Chrome, Edge, Firefox, Safari