PointyPhish & TollShark

Analysis by CTM360
hero background graphics
CTM360 uncovers PointyPhish and TollShark scam campaigns using Darcula Phishing Kit to mimic trusted brands and steal personal data via SMS-based phishing websites

Overview

In this latest report, CTM360 tracks a coordinated wave of SMS-based phishing campaigns, PointyPhish and TollShark: responsible for over 5,000 phishing domains globally. These scams impersonate trusted brands, from banks to toll authorities, using urgent messages to trick victims into submitting personal and financial information via fake landing pages.

Our threat analysts leveraged CTM360’s Scam Navigator to map the full lifecycle of these attacks from SMS bait to data theft.

A key highlight of this investigation includes insights into Darcula, a phishing-as-a-service (PhaaS) platform used by threat actors to deploy and manage these scams at scale. The exposed Darcula admin panel provided rare visibility into how cybercriminals orchestrate campaigns, log victim data in real time, and manage multi-channel delivery infrastructure.

For screenshots, tactics, and recommendations,
read the full report: