Hacked Inside the Smishing Triad
Dec 15, 2025
Ford Merrill, Senior Director of Research and Innovation at Sec Alliance and security researcher, breaks down Lighthouse and the smishing triad. He describes industrialized phishing kits, wallet provisioning that turns stolen cards into tap-to-pay phones, and the specialized mule and laundering networks that monetize fraud. He also covers takedown challenges, automation at scale, and where these operations find new techniques.
AI Snips
Chapters
Transcript
Episode notes
On-Screen Card Scans And OTP Capture
- Attackers generate an on-screen visual of the victim's card then scan it with a phone to bypass manual entry.
- They prompt the victim for the SMS OTP which auto-fills, completing provisioning in real time.
How Provisioned Cards Are Monetized
- After provisioning, attackers use merchant-account laundering and gift-card purchases to monetize cards.
- Physical tap-to-pay laundering uses purchased POS terminals and mules to avoid geographic and camera risks.
Mules Use NFC Relay To Spend Stolen Cards
- Mules are recruited via social platforms and given Android apps to receive remotely-relayed NFC payments.
- Handlers relay victim-wallet NFC to field phones so mules can tap to pay at self-checkouts and kiosks.