Given how many organizations continue to move their workloads to the cloud, it’s not surprising that bad actors are doing the same. The latest example comes from attackers who are using Amazon Web Services’ Simple Notification Service (SNS) in a “smishing” scam that includes impersonating the U.S. Postal Service (USPS).
A Python-based script called SNS Sender is being offered in phishing kits and is using the AWS service to send bulk SMS text messages that appear to come from the postal service regarding missed package deliveries but are used by the bad actors to spread spamming phishing links – smishing – aimed at grabbing victims’ personally identifiable information (PII) and payment card details, according to a report from cybersecurity firm SentinelOne.
“SNS Sender is the first script we observed using AWS SNS,” wrote Alex Delamotte, senior threat researcher at SentinelOne. “While other tools like AlienFox have used business to customer (B2C) communications platforms such as Twilio, we are unaware of other tools that use AWS SNS to conduct SMS spamming attacks.
Delamotte added that SentinelOne researchers “believe this actor is using cloud services to send bulk SMS phishing messages, though they may still be testing the tool based on some questionable programming choices.”