A massive global phishing infrastructure has been dismantled by the FBI after a Chinese firm was caught distributing sophisticated kits used to harvest over 3.8 million credit card records. The operation relied on a staggering network of 9,000 fraudulent websites and 1 million distinct URLs designed to mimic trusted brands through SMS-based campaigns. This disruption addresses a criminal enterprise responsible for an estimated $1.9 billion in financial losses globally.
The scheme operated by selling ready-to-use phishing kits to various threat actors, who then deployed them to deceive victims into revealing sensitive financial data. Key statistics from the investigation include:
- 1 million fraudulent URLs utilized to bypass security filters.
- 3.8 million credit cards compromised by the infrastructure.
- A primary focus on SMS-based phishing (smishing) to impersonate shipping companies and financial institutions.
By targeting the source of the tools rather than individual scammers, law enforcement has significantly hampered the ability of low-level criminals to launch high-impact retail theft campaigns. Security researchers at BleepingComputer indicate that this bust is one of the largest infrastructure takedowns in recent history regarding consumer-focused financial fraud.
