Exploiting SMS: Threat Actors Use Social Engineering to Target Companies

Cofense PDC observed a smishing campaign that sends urgent SMS messages containing a Google redirect to a malicious domain (resolveservicedesk.com) which impersonates ServiceNow to harvest credentials and fake MFA prompts. The report documents the SMS lure, redirect behavior, the phishing landing page, and provides observed infection and payload URLs with associated IP addresses to aid detection and response.