A large-scale smishing operation sent fraudulent mobile text messages that impersonated toll road operators, package delivery firms, and government agencies, luring victims to mobile-optimized phishing sites built to steal credentials, payment card data, and other sensitive information. Researchers linked the activity to industrialized phishing infrastructure using spoofed brands, dynamically generated subdomains, low-cost .top and .cc domains, Let's Encrypt certificates, geo-fencing, and cloud-hosted servers, with campaigns targeting services in the UAE, Singapore, and other regions including transportation, logistics, and public-sector brands such as Emirates Post, Salik, Parkin, Dubai Police, Aramex, and Singapore's Land Transport Authority.
Google said it filed a lawsuit against a China-linked scam network known as Outsider Enterprise, alleging the group abused Gemini to help create phishing content and fake websites impersonating brands including Google, YouTube, and New York E-ZPass. According to the filing, the operation marketed phishing-as-a-service through Telegram with nearly 300 scam templates for customers, while Google coordinated with AT&T, Verizon, and T-Mobile to block malicious texts; the company also said Google Messages scam detection now blocks about 10 billion scam texts each month.

Mallory correlates global threat intelligence with your attack surface — know if you’re exposed before adversaries strike.
4 events from the most recent confirmed update back to the earliest known activity.
Google said it worked with AT&T, Verizon, and T-Mobile to block many malicious text messages tied to the scam campaigns. It also said Google Messages scam detection blocks about 10 billion scam texts per month.
Google filed a lawsuit against a China-linked scam operation identified as Outsider Enterprise, alleging it abused Gemini to support phishing campaigns. According to the filing, the group used Telegram and sold phishing-as-a-service offerings with nearly 300 scam templates, including fake Google, YouTube, and New York E-ZPass sites.
Zimperium published details of a large-scale smishing campaign that sent fraudulent toll, package delivery, and government-themed text messages to mobile users. The messages redirected victims to phishing sites built to steal credentials, payment card data, and other sensitive information.
A research report described a large-scale smishing and phishing infrastructure targeting transportation, government, and logistics brands in the UAE and Singapore. The operation used spoofed brands, dynamic subdomains, Alibaba Cloud-hosted infrastructure, geo-fenced mobile phishing pages, and indicators including emiratespost.ae.tcsz.top and 47.254.56.221.
Vulnerabilities, threat actors, malware, products, organizations, and breaches Mallory has linked to this story.
3 references tracked. Mallory keeps watching after this page renders.
schneier.com
Open sourcezimperium.com
Open sourcemedium.com
Open sourceMap indicators from this story to your assets and identify affected systems in minutes.
Every observed campaign, victim, and pivot linked to actors named in this story.
Malware, exploits, and IOCs connected to the activity described here.
YARA, Sigma, and Snort rules deployed to your SIEM as soon as they’re published.
Get matching new stories delivered to your team as they break — not the next morning.
Ask questions about this story and take action on the answers.