Hacked

Inside the Smishing Triad

Dec 15, 2025
Ford Merrill, Senior Director of Research and Innovation at Sec Alliance and security researcher, breaks down Lighthouse and the smishing triad. He describes industrialized phishing kits, wallet provisioning that turns stolen cards into tap-to-pay phones, and the specialized mule and laundering networks that monetize fraud. He also covers takedown challenges, automation at scale, and where these operations find new techniques.
ANECDOTE

On-Screen Card Scans And OTP Capture

  • Attackers generate an on-screen visual of the victim's card, then scan it with a phone to bypass manual entry.
  • They prompt the victim for the SMS OTP, which auto-fills, completing provisioning in real time.
INSIGHT

How Provisioned Cards Are Monetized

  • After provisioning, attackers use merchant-account laundering and gift-card purchases to monetize cards.
  • Physical tap-to-pay laundering uses purchased POS terminals and mules to avoid geographic and camera risks.
ANECDOTE

Mules Use NFC Relay To Spend Stolen Cards

  • Mules are recruited via social platforms and given Android apps to receive remotely-relayed NFC payments.
  • Handlers relay victim-wallet NFC to field phones so mules can tap to pay at self-checkouts and kiosks.