The FBI has issued a nationwide warning about a new wave of “smishing” attacks spreading across the United States.
Smishing texts are fraudulent messages sent via SMS (Short Message Service) or text messaging with the intent to trick recipients into revealing personal information, such as passwords, credit card details or other sensitive data.
The term “smishing” is a combination of “SMS” and “phishing,” referring to deceptive tactics used to manipulate individuals into providing confidential information.
Cybercriminals have registered more than 10,000 domains to fuel these scams, which target iPhone and Android users with fraudulent text messages designed to steal personal and financial information.
Authorities urge recipients to delete any suspicious messages immediately.
A new report from cybersecurity firm Palo Alto Networks’ Unit 42, the company’s research division that specializes in threat intelligence and incident response, reveals that these scams lure victims into providing sensitive data, including credit card and bank account details.
Initially centered on fraudulent toll payment notifications, the campaign has expanded to include fake delivery service alerts, tricking users into clicking malicious links.
For months, state and local authorities have been raising alarms about the toll scam, which falsely claims that recipients owe unpaid toll fees.
The Federal Trade Commission (FTC) warns that clicking on these links not only risks financial theft but also exposes victims to identity fraud.
The fraudulent messages follow a common pattern: They claim that an unpaid bill requires immediate action to avoid penalties.
The text includes a link directing users to a payment portal — which is where the scammers’ vast network of domains comes into play.
Since Apple’s iMessage blocks suspicious links, scammers now instruct users to copy and paste the URL into their web browser, making detection harder.
Cybersecurity experts believe that the scam operates as a franchise model, leveraging tool kits from Chinese cybercriminal groups.
Unit 42 identified numerous malicious domains, many using China’s .XIN top-level domain (TLD), including:
- dhl.com-new[.]xin
- fedex.com-fedexl[.]xin
- ezdrive.com-2h98[.]xin
- e-zpassny.com-ticketd[.]xin
- sunpass.com-ticketap[.]xin
- thetollroads.com-fastrakeu[.]xin
The FTC advises that legitimate US toll services and delivery companies would never redirect users to foreign domains.
A report from cybersecurity firm McAfee highlights cities most affected by these scams.
Dallas, Atlanta, Los Angeles, Chicago and Orlando are among the top five — with other heavily targeted areas including Miami, Houston, Denver, Phoenix and Seattle.
Authorities have noted a fourfold increase in these scams since January.
The danger of these scams was underscored by Louisiana Attorney General Liz Murrill, who revealed that she herself was targeted.
“I received this text as well. It is a scam. If you ever receive a text that looks suspicious, be sure to never click on it. You don’t want your private information stolen by scammers,” she warned.
Some variations of the scam have introduced additional deceptive tactics.
A local news investigation in Detroit found that when victims attempted to make a payment, they received an error message claiming their card had been declined.
This trick encourages them to enter multiple card details, giving scammers access to more financial information.
The FBI urges the public to follow these steps if they receive a suspicious text:
- File a complaint with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov, providing details of the phone number and website listed in the text.
- Visit the legitimate toll service’s website or contact their customer service to verify outstanding payments.
- Delete any smishing messages immediately.
- If personal or financial details have been compromised, take immediate steps to secure your accounts and dispute any unauthorized transactions.
Similarly, the FTC advises:
- Avoid clicking on links or responding to unexpected texts.
- Verify messages by contacting the relevant tolling agency through official channels.
- Report and delete scam texts, using the “report junk” feature on smartphones or forwarding them to 7726 (SPAM).
Cybersecurity firm Zimperium has warned that cybercriminals are increasingly adopting a “mobile-first attack strategy” due to the vulnerability of users on small-screen devices.
The convenience of smartphones makes people more likely to click on text messages than emails, heightening the risk of falling for such scams.
With smishing scams evolving and spreading at an alarming rate, authorities continue to emphasize vigilance.
The public is encouraged to remain cautious and avoid interacting with unsolicited messages, ensuring that their personal and financial information remains protected.
