It's more Cape of Storms than it is Cape of Good Hope for an alleged phishing gang reportedly busted in Cape Town in South Africa's Western Cape.
The gang supposedly used a mixture of email and SMS to lure their victims into payment scams, tricking them into handing over sufficient PII (personally identifiable information) to allow the crooks to help themselves to money that the victims thought was going somewhere else.
Internet access from a desktop computer or a laptop is still a luxury in South Africa, so email gives cybercriminals only so much reach. But mobile phones are ubiquitous; sending business offers and approving payments over SMS are common and popular; and electronic communications fall under an opt-out regulatory system.
That means that users are inured to SPASMS, as Naked Security jocularly refers to spam via SMS. And that, in turn, makes smishing, or phishing for PII via SMS instead of email, a viable approach for cybercriminals.
In countries with an opt-in regulatory framework for electronic communications, such as Australia, users are, in my opinion, much more likely to reject unsolicited SMSes out of hand, simply because they're unlawful by definition.
Read more: http://nakedsecurity.sophos.com/2013/06/03/fake-payment-phishers-busted-in-south-africa/
