Stop sending texts, the FBI told Americans in December, as Chinese hackers marauded through US networks. But the bureau warns that there is another text threat now sweeping “from state to state” across America, and this one is aimed at you, to steal your money and maybe even your identity. And it is also made in China.
We are talking about the “smishing” texts now targeting iPhone and Android phones across America with fake toll bills. The FBI urges users to delete these texts immediately, and there are many of them. The scale is now so “astronomical,” one cyber expert suggests, that it would be “alarming to know what the real costs are.” It is certainly more than a fraud; it is an attack, says Trend Micro. And it is out of control.
In a new report, the Anti-Phishing Working Group (APWG) paints a dark picture. “The residents of the United States are bombarded by text messages from Chinese phishers, with the US toll road operators, including the multi-state E-ZPass.” Do not dismiss this as only toll fraud. The same kits drive parcel-delivery and other fake messages with the same mode of operation, only with different text and links. They can be tailored to any bait. It is an infrastructure attack on our phones, not a single campaign.
And don’t dismiss this as a trick to steal a few dollars; that’s not the point at all. “They don’t care about the seven dollars,” says Aidan Holland of Censys, “they want your credit card number.” The FTC says it is even worse than that: your identity could be stolen.
“The texts,” says the FBI, “claim that the recipient owes money for unpaid tolls and contain almost identical language. The ‘outstanding toll amount’ is similar. However, the link provided in the text is created to have the name of the state, and the telephone numbers seem to change between the states.”
The reason the links differ is that the attackers register tens of thousands of domains to imitate state and city toll agencies and lure clicks. And the reason the texts all look similar is that they come from “a phishing kit sold in China, which makes it easy to send text messages and start phishing websites that fake the toll road operators in several US states.”
This is the core of APWG’s warning, which notes that “the telephone numbers to which the phishers send the messages are usually random; they are sometimes sent to people who do not use toll roads at all, or address users in the wrong state. Some of the text messages are sent from other countries, such as China.”
But the top-level domains are almost always Chinese, which is “a way to recognize these fraud messages.” Look for “less well-known top-level domains such as .top, .cyou and .xin.” In particular, the .top domain “has a remarkable history of being used by phishers.”
It gets interesting here. APWG says: “The .top registry has had compliance problems for many years. In July 2024, ICANN issued a notice of violation to the .top registry, citing its failure to meet the requirements for abuse reporting and mitigation, and the case is still unresolved on ICANN’s website as of March 2025.”
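The top-level-domain tell described above can be turned into a triage check for reported messages, keyed on the link rather than the sender number. This is an added example, not code from APWG, the FBI or the article; the lure keyword list, the verdict names and the sample messages (including their hostnames) are constructed assumptions.

```python
import re
from urllib.parse import urlsplit

# TLDs named in the APWG quote above; extend from your own reports.
SUSPECT_TLDS = {"top", "cyou", "xin"}
# Assumed lure keywords, taken from the wording the article describes.
LURE_WORDS = ("toll", "unpaid", "outstanding", "ezpass", "e-zpass")

# Matches http(s) links and bare host/path links such as "host.top/pay".
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,24}(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lower-cased hostname of every link-like token in an SMS body."""
    hosts = []
    for raw in URL_RE.findall(text):
        raw = raw.rstrip(".,;:!?)\"'")      # drop sentence punctuation
        if "://" not in raw:
            raw = "http://" + raw            # urlsplit needs a scheme to find the host
        host = urlsplit(raw).hostname
        if host:
            hosts.append(host.rstrip(".").lower())
    return hosts

def triage(text):
    """Return (verdict, hosts on a suspect TLD, lure words found)."""
    hosts = extract_hosts(text)
    body = text.lower()
    bad_tld = [h for h in hosts if h.rsplit(".", 1)[-1] in SUSPECT_TLDS]
    lure = [w for w in LURE_WORDS if w in body]
    if bad_tld and lure:
        verdict = "delete-and-report"        # both signals: toll lure on a suspect TLD
    elif bad_tld or (lure and hosts):
        verdict = "review"                   # one signal, e.g. a parcel lure from the same kit
    else:
        verdict = "no-signal"
    return verdict, bad_tld, lure

# Constructed sample messages; the hostnames are made up for this example.
SAMPLES = [
    "E-ZPass final reminder: you have an outstanding toll amount. "
    "Pay now at https://ezpass-constructed-sample.top/pay to avoid fees.",
    "Your parcel is held. Confirm address: delivery-constructed-sample.cyou/track.",
    "Lunch at 12? Menu is at https://cafe.example.com/menu",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(triage(msg), "<-", msg[:40])
```

A TLD match alone is a triage signal, not proof of fraud, so a lone match is routed to review.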
It should be pretty easy to stop, right? Surely the networks or the phone OS makers can block texts with these links, or introduce new anti-scam measures to prevent them from reaching phones. Wrong. SMS and now RCS are open protocols, and while anti-spam measures are said to be available, they do not work. It should be simple; it clearly is not.
Trend Micro has a whole section of its website dedicated to toll fraud. The company’s Jon Clay told CNBC this week that “Apple is not doing anything about it … Android will add it to your spam list so that you do not receive any texts from the same number, but then the fraudsters just change the numbers. Apple has done a wonderful job of saying that your phone is secure, and you are not from this kind of attack.”
According to APWG, recipients of such fraudulent texts, of which there are probably hundreds of thousands, can “help to update alarms/blocking mechanisms, protect the billions of devices and software worldwide” by reporting them to the FBI’s IC3.gov or directly at apwg.org/sms.
In the meantime, the FBI says: “Check your account using the legitimate website of the toll service, contact the customer service telephone number of the toll service, and delete all received smishing texts.” If you clicked on the link and provided information, check your accounts and change your key passwords, even if you did not make a payment.