A recent study by security experts revealed that iPhone farms, made up of numerous devices using rotating temporary Apple IDs, are being used to send over 100,000 fraudulent iMessages daily.
Switching to iMessages enables scammers to evade the anti-spam and scam measures that mobile carriers enforce, and perpetrators aren’t required to possess any technical expertise as there are firms that offer phishing-as-a-service (PhAAS) solutions.
Unpaid toll fees, shipping fees, and other scams
Some prevalent scams currently include fake notifications regarding unpaid toll fees, claims that shipping fees are needed to retrieve valuable parcels from Customs, and counterfeit alerts about unpaid taxes.
These fraudulent schemes are commonly executed via email and text messages, leading to an ongoing cat-and-mouse dynamic between criminals and internet service providers and mobile carriers striving to identify and block suspicious messages and links.
iPhone farms distributing scam iMessages
Researchers from the cybersecurity firm Catalyst reported that fraudsters are increasingly leveraging iMessage. Because these messages are encrypted, carriers cannot inspect their contents, so they can neither detect nor block them.
Compounding the issue, they discovered that a Chinese service offers access to these iPhone farms to anyone willing to pay.
Lucid is an advanced Phishing-as-a-Service (PhAAS) platform run by Chinese-speaking threat actors, targeting 169 organizations across 88 countries worldwide […]
Its scalable, subscription-based approach empowers cybercriminals to execute extensive phishing operations aimed at stealing credit card information for financial gain […] To improve efficiency, Lucid utilizes Apple iMessage and Android’s RCS technology, bypassing conventional SMS spam filters and significantly enhancing delivery and success rates.
The developers of Lucid provide standardized templates for scammers to craft convincing imitations of websites belonging to companies like courier services.
The XinXin group, recognized for creating Lucid and other PhAAS tools, has been noted for selling phishing templates that mimic postal services, courier companies, toll road systems, and tax refund agencies.
Catalyst shares a low-resolution image (above) depicting one of these operational iPhone farms.
A Telegram channel dedicated to marketing these PhAAS attacks has amassed over 2,000 members.
How to safeguard yourself
The primary defense against phishing schemes is to never click on links included in emails. Always access websites through your bookmarks, or manually input a reputable URL.
Fraudsters can easily fabricate emails or messages to appear as though they come from legitimate organizations, making it imperative not to trust seemingly known contacts. Be especially cautious of messages urging immediate action to avoid penalties or to retrieve packages.
Via Macworld. Image credited to Catalyst with background by Uriel SC on Unsplash.