Let’s say you’re out running errands, minding your business, and ding—you get a text:
“Unusual activity detected on your account. Click here to verify.”
It looks legit. It feels urgent. And if you’re like most people, your heart skips a beat. That’s exactly what a cybercriminal group called the Smishing Triad is counting on.
Smishing is a type of scam where criminals send fake text messages to trick you into clicking a link, sharing personal information, or downloading malware. The term combines “SMS” (text messaging) and “phishing.” These messages often look urgent or official—like a fraud alert or missed delivery—to get you to act quickly without thinking.
The Scam That Grew Up
Just a few months ago, these scammers were mostly pretending to be toll companies or missed delivery notices. You’d get a message saying you forgot to pay a highway fee or that a package couldn’t be delivered without some info.
But now? They’ve gotten bolder. They’re impersonating banks—sending fake alerts that look like fraud notifications, card declines, or login issues. And they’re really convincing! The kind of message that makes you think, “Uh-oh… I better check this right now.”
That’s their trick. Get you moving fast before you stop to think.
Who Are These Guys Anyway?
The Smishing Triad is a cybercrime group based in China, and they’ve built an entire operation around scamming people via text. They focus on U.S. customers and use software tools to send out thousands of fake texts every day.
- They send texts that say something’s wrong with your account.
- They include a link to a site that looks
- They want you to act fast—click, log in, share info—before you realize it’s a scam.
And behind those messages? A phone farm—yep, that’s a real thing.
↑ This is one of their actual phone farms. Each phone can send out thousands of texts. Multiply that by hundreds of phones, and you’ve got a cybercrime factory. Image: Prodaft and KrebsOnSecurity
What Happens If You Click?
If someone falls for one of these messages and clicks the link, here’s what happens:
- You land on a fake site asking for credit card numbers, login info, or a one-time code.
- If you enter a one-time code, they can use it to add your card to a mobile wallet like Apple Pay or Google Pay—on their own device.
- They even use special tools to generate fake cards using your real info, and test them with small charges right away.
Basically, if they get your info, they try to spend your money fast before you notice.
What We’re Doing to Protect You
Now for the good part: We’re watching out for you.
- We monitor for patterns and scam reports from customers like you.
- We conduct regular training and awareness programs for our employees, so they can spot potential threats and prevent them.
- We analyze trends in cyber threats to make sure the bank’s systems stay one step ahead of the bad guys.
We also never ask for your personal info or login credentials through text. If you ever get a message and you’re not sure—it’s okay to pause and check with us directly. We’d rather answer a “just in case” call than have you risk falling for something sneaky.
How You Can Stay Safe
- Be suspicious of unexpected texts, even if they mention Richwood Bank.
- Don’t click links in messages you weren’t expecting—especially if they seem urgent.
- Double-check web addresses and phone numbers. If something looks even a little bit off, like a missing letter or number, don’t click or answer. It’s better to be safe!
- Call us directly using the number on your bank card or our website—not the one in the text.
We’re Here for You
Cybercriminals will keep changing tactics. But so do we. We’re constantly updating how we protect your information and your money—and we’re always here to help.
If you ever have a question or concern, reach out. No question is too small when it comes to keeping you safe!
Stay alert and don’t let the Smishing Triad catch you off guard!
Contributed by the Richwood Bank Cyber Security Team
Source: Brian Krebs with KrebsOnSecurity
Full site: krebsonsecurity.com
Article: China-based SMS Phishing Triad Pivots to Banks – Krebs on Security
