When security researcher Grant Smith received a text message claiming to be from the United States Postal Service, he initially dismissed it as another scam. However, the.
Hacking the hackers: After his wife fell victim to a smishing campaign, a security researcher initiated a personal investigation, uncovering a global operation. By hacking into the scammers‘ systems to gather evidence, he provided authorities with crucial information that helped end the widespread fraud campaign.
When security researcher Grant Smith received a text message claiming to be from the United States Postal Service, he initially dismissed it as another scam. However, the situation took a serious turn when his wife inadvertently entered her credit card details into the linked fraudulent website. This personal breach motivated Smith to embark on an in-depth investigation into the scam’s origins.
Smith, the founder of cybersecurity firm Phantom Security, eventually uncovered a large-scale operation involving fake USPS messages designed to collect personal information, including credit card details, from unsuspecting victims. These scams directed recipients to fraudulent websites that prompted them to enter sensitive information.
Determined to trace the source of the scam, Smith identified a Chinese-language group responsible for the operation. He exploited vulnerabilities in their systems, using SQL injection and path traversal to gather evidence of their activities. The SQL injection attacks allowed him to manipulate database queries, while path traversal enabled access to files outside the web root folder.
