"Don't feed the toll troll": New threat actor (IMP-1G) engaging in SMS phishing activities, targeting US and Canadian public services. 100+ IOFA domains discovered, with only 10% known to authorities.

SUMMARY :

A new threat actor, designated as IMP-1G, has been discovered engaging in SMS phishing activities targeting US and Canadian public services. The campaign focuses on toll roads, mass transit systems, postal services, court payments, municipal payments, and state-owned utility companies across multiple states and provinces. Over 100 Indicator of Future Attack (IOFA) domains have been identified, with only 10% known to authorities. The phishing domains impersonate government payment portals to steal credit card information and personal data. The threat actor also targets financial institutions and cryptocurrency users with similar tactics. Law enforcement agencies have seized some domains, but the majority remain active.

OPENCTI LABELS :

identity theft,smishing,public utilities,government services,toll fraud,iofa domains,sms phishing


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


"Don't feed the toll troll": New threat actor (IMP-1G) engaging in SMS phishing activities, targeting US and Canadian public services. 100+ IOFA domains discovered, with only 10% known to authorities.