The FBI is warning iPhone and Android users in the U.S. to delete phony text messages claiming to be from toll road services, delivery companies and government agencies. Scammers have targeted citizens in multiple states using this tool to steal personal and financial information.
What are “smishing texts?”
Newsweek reported that these threat actors use “smishing texts” (phishing attacks through SMS) from 10,000 newly registered domains, using fake payment requests to access iPhone and Android users’ sensitive information. This cyber threat has been ongoing for a year now.
The FBI issued a public service announcement warning Americans about these smishing texts, which vary by state in the information they provide.
“The texts claim the recipient owes money for unpaid tolls and contain almost identical language,” the FBI stated. “The “outstanding toll amount” is similar among the complaints reported to the IC3. However, the link provided within the text is created to impersonate the state’s toll service name, and phone numbers appear to change between states.”
The Federal Trade Commission also warned Americans about the cyber threat and what scammers are looking to gain from it:
“Not only is the scammer trying to steal your money, but if you click the link, they could get your personal info (like your driver’s license number) — and even steal your identity,” the FTC said.
The domains used in the texts were from Chinese cybercriminal groups
The FBI also stated that the fake text messages always mention a minimal balance the person owes and provide a link for payment.
“(State Toll Service Name): We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit [malicious website link] to settle your balance.”
According to Forbes, Palo Alto Networks’ Unit 42, a cybersecurity organization that provides threat intelligence, incident response and cyber risk assessments, shared a report about the cyber threat and how Chinese cybercriminal groups likely created the domains. The company stated that the Chinese “.XIN TLD” is added at the end of the following domains:
- dhl.com-new[.]xin
- driveks.com-jds[.]xin
- ezdrive.com-2h98[.]xin
- ezdrivema.com-citations-etc[.]xin
- ezdrivema.com-securetta[.]xin
- e-zpassiag.com-courtfees[.]xin
- e-zpassny.com-ticketd[.]xin
- fedex.com-fedexl[.]xin
- getipass.com-tickeuz[.]xin
- sunpass.com-ticketap[.]xin
- thetollroads.com-fastrakeu[.]xin
- usps.com-tracking-helpsomg[.]xin
Bleeping Computer reported that major U.S. cities, including Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego and San Francisco, have been targeted, with smartphone users receiving phishing text messages.
However, in recent weeks, nearly 20 cities have been the most targeted between January and February, according to McAfee, per Forbes:
- Dallas
- Atlanta
- Los Angeles
- Chicago
- Orlando, Florida
- Miami
- San Antonio
- Las Vegas
- Houston
- Denver
- San Diego
- Phoenix
- Seattle
- Indianapolis
- Boardman, Ohio
New York has also reported receiving easy-to-identify phishing texts. The texts contained the dollar amount the person allegedly owed, with the dollar sign after the amount instead of before.
McAfee also highlighted the most targeted cities:
“Look both ways for a new form of scam that’s on the rise, especially if you live in Dallas, Atlanta, Los Angeles, Chicago or Orlando — fake toll road scams. They’re the top five cities getting targeted by scammers,” the company stated, according to Forbes.
What should you do after receiving a smishing text?
The FBI provided steps to protect against text scams: File a complaint with the IC3 at www.ic3.gov, including the phone number and website from the text. Verify accounts through legitimate toll service websites, contact customer service and delete smishing texts. If information was shared or links clicked, secure personal and financial accounts and dispute any unfamiliar charges.
