{"id":223988,"date":"2025-10-25T04:15:36","date_gmt":"2025-10-25T09:15:36","guid":{"rendered":"https:\/\/lifeboat.com\/blog\/2025\/10\/smishing-triad-linked-to-194000-malicious-domains-in-global-phishing-operation"},"modified":"2025-10-25T04:15:36","modified_gmt":"2025-10-25T09:15:36","slug":"smishing-triad-linked-to-194000-malicious-domains-in-global-phishing-operation","status":"publish","type":"post","link":"https:\/\/lifeboat.com\/blog\/2025\/10\/smishing-triad-linked-to-194000-malicious-domains-in-global-phishing-operation","title":{"rendered":"Smishing Triad Linked to 194,000 Malicious Domains in Global Phishing Operation"},"content":{"rendered":"<p><a class=\"aligncenter blog-photo\" href=\"https:\/\/lifeboat.com\/blog.images\/smishing-triad-linked-to-194000-malicious-domains-in-global-phishing-operation.jpg\"><\/a><\/p>\n<p>In a report published earlier this week, Fortra said phishing kits associated with the Smishing Triad are being used to increasingly target brokerage accounts to obtain banking credentials and authentication codes, with attacks targeting these accounts witnessing a fivefold jump in the second quarter of 2025 compared to the same period last year.<\/p>\n<p>\u201cOnce compromised, attackers manipulate stock market prices using \u2018ramp and dump\u2019 tactics,\u201d security researcher Alexis Ober <a href=\"https:\/\/www.fortra.com\/blog\/fortra-tracks-fivefold-increase-brokerage-attacks-yoy\" rel=\"noopener\" target=\"_blank\">said<\/a>. \u201cThese methods leave almost no paper trail, further heightening the financial risks that arise from this threat.\u201d<\/p>\n<p>The adversarial collective is said to have evolved from a dedicated phishing kit purveyor into a \u201chighly active community\u201d that brings together disparate threat actors, each of whom plays a crucial role in the phishing-as-a-service (PhaaS) ecosystem.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a report published earlier this week, Fortra said phishing kits associated with the Smishing Triad are being used to increasingly target brokerage accounts to obtain banking credentials and authentication codes, with attacks targeting these accounts witnessing a fivefold jump in the second quarter of 2025 compared to the same period last year. \u201cOnce compromised, [\u2026]<\/p>\n","protected":false},"author":427,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[34,45],"tags":[],"class_list":["post-223988","post","type-post","status-publish","format-standard","hentry","category-cybercrime-malcode","category-finance"],"_links":{"self":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223988","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/users\/427"}],"replies":[{"embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/comments?post=223988"}],"version-history":[{"count":0,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/posts\/223988\/revisions"}],"wp:attachment":[{"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/media?parent=223988"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/categories?post=223988"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/lifeboat.com\/blog\/wp-json\/wp\/v2\/tags?post=223988"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}