Researchers Identify 'Smishing' Attack that Uses AWS SNS

A first-of-its-kind "smishing" attack is using Amazon Web Services' Simple Notification Service, or SNS, to impersonate the United States Postal Service.

"Smishing" refers to an attack in which phishing messages are sent in bulk via SMS. This particular attack, which was recently described by researchers at SentinelLabs (which is owned by security firm SentinelOne), sent messages that "often [took] the guise of a message from the United States Postal Service (USPS) regarding a missed package delivery," with the goal of stealing customers' payment card details, addresses and other personally identifiable information.

SentinelLabs identified the culprit as a Python-based script called "SNS Sender." Its success relies on access to compromised AWS SNS credentials from accounts that have opted out of AWS' SNS sandbox security measures. It may be the first such script to do so, based on the researchers' findings.

"SNS Sender is the first script we encountered using AWS SNS to send spam texts," they said in a blog post last week. "While other tools like AlienFox have used business to customer (B2C) communications platforms such as Twilio to conduct SMS spamming attacks, we are unaware of existing research that details tools abusing AWS SNS to conduct such attacks."

The attack only works if the AWS SNS account holder is not using the protected sanbox option. The SNS sandbox, which AWS implements by default, lets users test their SMS messages by first sending them to a limited number of verified recipients. That limit only gets removed after the account holder petitions AWS to move out of the sandbox and into production.

More detailed information about SNS Sender's inner workings is in the SentinelLabs blog. To protect their AWS SNS credentials, the researchers recommend that account holders review AWS' guidance for moving out of the sandbox and "how to change sending limits."

In addition, "Identity and Access Management (IAM) administrators should review identity best practices to optimize their organization's security posture," the report suggested.

The full report is available here on the SentinelLabs site.

About the Author

Gladys Rama (@GladysRama3) is the editorial director of Converge360.

Featured

  • glowing digital brain-shaped neural network surrounded by charts, graphs, and data visualizations

    Google Releases Advanced AI Model for Complex Reasoning Tasks

    Google has released Gemini 2.5 Deep Think, an advanced artificial intelligence model designed for complex reasoning tasks.

  • abstract pattern of cybersecurity, ai and cloud imagery

    OpenAI Report Identifies Malicious Use of AI in Cloud-Based Cyber Threats

    A report from OpenAI identifies the misuse of artificial intelligence in cybercrime, social engineering, and influence operations, particularly those targeting or operating through cloud infrastructure. In "Disrupting Malicious Uses of AI: June 2025," the company outlines how threat actors are weaponizing large language models for malicious ends — and how OpenAI is pushing back.

  • cybersecurity book with a shield and padlock

    NIST Proposes New Cybersecurity Guidelines for AI Systems

    The National Institute of Standards and Technology has unveiled plans to issue a new set of cybersecurity guidelines aimed at safeguarding artificial intelligence systems, citing rising concerns over risks tied to generative models, predictive analytics, and autonomous agents.

  • magnifying glass highlighting a human profile silhouette, set over a collage of framed icons including landscapes, charts, and education symbols

    AWS, DeepBrain AI Launch AI-Generated Multimedia Content Detector

    Amazon Web Services (AWS) and DeepBrain AI have introduced AI Detector, an enterprise-grade solution designed to identify and manage AI-generated content across multiple media types. The collaboration targets organizations in government, finance, media, law, and education sectors that need to validate content authenticity at scale.