Missed the live session? Watch the full panel discussion featuring experts from Constella, WMC Global, and the Oklahoma Turnpike Authority as they break down the mobile phishing supply chain and what defenders can do right now.
Why This Session Matters
Phishing-as-a-service is no longer a tactic. It’s an industrialized supply chain, and mobile is its primary delivery channel. On April 30, 2026, Constella Intelligence and WMC Global hosted a no-slides practitioner panel to unpack how these campaigns are built, why they’re so difficult to shut down, and what security teams can actually do today.
What the Panel Covers
- The PhaaS Supply Chain: Why smishing is a three-layer production system and why blocking individual messages no longer works.
- Mobile as the Advantaged Channel: How RCS encryption and password reuse turn personal phishing into enterprise ransomware risk.
- Toll Road Fraud: Why losses dispersed across dozens of banks mean no one entity ever acts, and how scammers designed it that way.
- The Exfiltration Pipeline: What’s actually in a smishing exfil file, and where it goes after collection (hint: mostly Telegram, not the dark web).
- Session Hijacking: Real-time example from the week of the panel: phishing campaigns sent from a hijacked WhatsApp account.
- 30-Day Practitioner Actions: Three concrete steps from the panelists, including eliminating SMS-based 2FA at the enterprise level.
Expert Panelists
- Andres Andreu: CEO, Constella, 4X CISO | Moderator
- Alberto Casales: CTO, Constella, Co-founder | Dark Web & Intelligence Expert
- Ian Matthews: Founder & President, WMC Global, Mobile threat intelligence | SMS infrastructure pioneer
- Josh Swenson: Chief Information Officer, Oklahoma Turnpike Authority, Public sector practitioner perspective