HomeIntelligenceBrief
BREACH BRIEF🟠 High ThreatIntel

Chinese Phishing‑as‑a‑Service Platforms Bypass MFA and Tokenize Stolen Payment Data Globally

Google Threat Intelligence uncovered a surge in Chinese‑language phishing‑as‑a‑service offerings that now intercept one‑time passcodes and tokenise payment data, targeting non‑Chinese brands in 119 countries. The shift to AI‑generated pages and encrypted delivery channels threatens MFA‑dependent controls across supply chains.

LiveThreat™ Intelligence · 📅 May 26, 2026· 📰 helpnetsecurity.com
🟠
Severity
High
TI
Type
ThreatIntel
🎯
Confidence
High
🏢
Affected
4 sector(s)
Actions
3 recommended
📰
Source
helpnetsecurity.com

Chinese Phishing‑as‑a‑Service Platforms Target Global Enterprises, Bypass MFA with Real‑Time Token Capture

What Happened – Google Threat Intelligence identified at least a dozen Chinese‑language phishing‑as‑a‑service (PhaaS) operations that now offer live admin panels capable of intercepting one‑time passcodes and tokenizing stolen payment data. The services use AI‑generated pages, encrypted delivery channels (RCS, iMessage) and Telegram promotion to reach victims in 119 countries.

Why It Matters for TPRM

  • Real‑time MFA interception defeats a core control many third‑party risk programs rely on.
  • AI‑generated, unique phishing pages evade signature‑based detection, increasing the likelihood of successful credential theft from vendors.
  • The services target non‑Chinese brands, meaning your global supply chain could be exposed even if you never do business in China.

Who Is Affected – Financial services, SaaS providers, e‑commerce, telecom, and any organization that relies on MFA and digital‑wallet provisioning for employee or customer accounts.

Recommended Actions

  • Review MFA implementation across all vendors; consider phishing‑resistant authentication (e.g., FIDO2).
  • Augment email and SMS filtering with behavioral analytics that detect encrypted delivery channels.
  • Require vendors to demonstrate phishing‑resilience testing, especially against AI‑generated pages.

Technical Notes – Attack vector: phishing (phishing‑as‑a‑service) leveraging AI page generation, live admin panels, and encrypted messaging to capture OTPs and tokenized payment data. No specific CVE cited. Data types at risk include login credentials, OTPs, and payment‑card information. Source: Help Net Security

📰 Original Source
https://www.helpnetsecurity.com/2026/05/26/chinese-language-phishing-services/

This LiveThreat Intelligence Brief is an independent analysis. Read the original reporting at the link above.

From the Verisq platform · Security Awareness

Phishing and social engineering are a people-and-policy problem.

The Verisq AI Trust Operations platform pairs Security Awareness Training with policy adoption tracking, so human-risk controls are documented and audit-ready.

Explore the Verisq AI Trust Operations platform →