
These Chinese-language phishing operations are exploiting compromised trading accounts to manipulate foreign stock prices, circumventing traditional security controls that prevent direct fund withdrawals.
Evolution from Mobile Wallet Theft
Ford Merrill, a security researcher at SecAlliance, has tracked this criminal evolution from basic phishing operations that initially targeted postal services and toll road operators between 2022 and 2024.
These early schemes used SMS phishing to steal payment card details, which were then enrolled into Apple and Google mobile wallets using victims’ one-time authentication codes.
“They’ll use all these victim brokerage accounts, and if needed they’ll liquidate the account’s current positions, and will preposition themselves in that instrument in some account they control, and then sell everything when the price goes up,” Merrill explained.
The criminal groups coordinate purchases of Chinese IPO stocks or penny stocks using multiple compromised accounts simultaneously, then dump shares after artificial price inflation.
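The pattern described above (accounts liquidating existing positions, then several of them buying the same instrument almost simultaneously) can be expressed as a monitoring heuristic. The following is an added example, not code from the article or from any brokerage; the event format, ticker names, function name and thresholds are all assumptions chosen for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample order events (account, time, side, symbol); not real data.
SAMPLE_ORDERS = [
    ("acct-01", "2025-03-03T14:30:05", "SELL", "HOLD_A"),
    ("acct-01", "2025-03-03T14:31:10", "BUY", "THIN_X"),
    ("acct-02", "2025-03-03T14:32:00", "SELL", "HOLD_B"),
    ("acct-02", "2025-03-03T14:33:40", "BUY", "THIN_X"),
    ("acct-03", "2025-03-03T14:35:15", "SELL", "HOLD_C"),
    ("acct-03", "2025-03-03T14:36:02", "BUY", "THIN_X"),
    ("acct-04", "2025-03-03T14:37:00", "BUY", "THIN_X"),   # no prior liquidation
    ("acct-05", "2025-03-03T14:38:00", "SELL", "HOLD_A"),
    ("acct-05", "2025-03-03T14:39:00", "BUY", "HOLD_B"),   # lone account
    ("acct-06", "2025-03-03T16:40:00", "SELL", "HOLD_D"),
    ("acct-06", "2025-03-03T16:41:00", "BUY", "THIN_X"),   # outside the window
]

def find_ramp_clusters(orders, window=timedelta(minutes=10),
                       lookback=timedelta(minutes=30), min_accounts=3):
    """Return {symbol: [accounts]} where at least min_accounts distinct accounts
    sold another holding and then bought the same symbol within `window`."""
    parsed = sorted((datetime.fromisoformat(t), a, side, sym)
                    for a, t, side, sym in orders)
    sells = defaultdict(list)         # account -> [(time, symbol)]
    suspect_buys = defaultdict(list)  # symbol  -> [(time, account)], time-ordered
    for ts, acct, side, sym in parsed:
        if side == "SELL":
            sells[acct].append((ts, sym))
        elif side == "BUY" and any(
                s_sym != sym and timedelta(0) <= ts - s_ts <= lookback
                for s_ts, s_sym in sells[acct]):
            # Buy that follows a recent liquidation of a different instrument.
            suspect_buys[sym].append((ts, acct))
    clusters = {}
    for sym, buys in suspect_buys.items():
        best, start = set(), 0
        for end in range(len(buys)):  # sliding time window over the buys
            while buys[end][0] - buys[start][0] > window:
                start += 1
            accts = {a for _, a in buys[start:end + 1]}
            if len(accts) > len(best):
                best = accts
        if len(best) >= min_accounts:
            clusters[sym] = sorted(best)
    return clusters
```

A hit is a lead for review rather than proof of compromise; correlating it with recent logins from new devices on the same accounts would narrow it further.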
Technical Exploitation Methods
The scheme exploits vulnerabilities in SMS-based two-factor authentication systems used by major brokerages. Phishing messages, distributed via Apple’s iMessage and Google’s RCS services, spoof platforms like Charles Schwab by warning of account suspensions.

Victims who click malicious links provide credentials on fake brokerage sites, then enter one-time SMS codes that grant attackers account access.
Popular phishing kit vendor “Outsider” (previously known as “Chenlun”) operates through Telegram channels, selling ready-made templates specifically targeting brokerage customers.
These kits demonstrate how attackers can customize phishing campaigns for different platforms, with current templates focused on Schwab customers but easily adaptable for other brokerages.
Industry Response and Perfect Crime Elements
Schwab confirmed awareness of this trend, stating they’ve communicated warnings to clients about trading-related fraud and actively monitor suspicious patterns. The company employs multiple authentication options, though most remain vulnerable to sophisticated phishing attacks.

Merrill describes the scheme as “really genius because it decouples so many things.” Criminals can purchase stocks through legitimate personal accounts on Chinese exchanges while simultaneously using compromised US accounts for manipulation, leaving few traceable connections between victims and perpetrators.
The rapid innovation cycle benefits from artificial intelligence integration, with criminal groups using large language models for development and translation tasks.
This technological advancement continues to lower entry barriers for cybercriminals while accelerating the sophistication of phishing operations targeting financial services.
The FBI issued a victim information request in February 2025, highlighting the scheme’s growing impact on investors who face “catastrophic collapse in share price that leaves investors with unrecoverable losses.”
The post Brokerage Clients Targeted in ‘Ramp and Dump’ Scam – Mobile Phishing Surge appeared first on Cyber Security News.
