Mobile Phishers Target Brokerage Accounts in ‘Ramp and Dump’ Cashout Scheme

Researchers observed China-based phishing kit vendors selling advanced mobile phishing tools on Telegram that steal credentials and phish one-time codes to enroll payment cards into attackers’ mobile wallets and to hijack brokerage accounts; attackers then use multiple compromised brokerage accounts in coordinated 'ramp-and-dump' trades to inflate and dump penny/IPO stocks, causing investor losses. The report notes active exploitation (FBI/FINRA attention), seller demonstrations (e.g., “Outsider”), use of phishable MFA channels, and operational scale including bulk phone sales and human operators, with some banks adopting stronger wallet enrollment controls.