The FBI has issued a public service announcement about the rise of “smishing” scams targeting cell phone users who believe they have unpaid road tolls. The term “smishing” combines social engineering and phishing to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals.
In the past year, the FBI’s Internet Crime Complaint Center (IC3) has received over 2,000 complaints about these scams. The scammers send texts claiming to be from toll collection services in at least three states, warning recipients of an “outstanding toll amount” that must be paid immediately to avoid increased charges.
The links provided in the text messages mimic a state’s toll service name and trick recipients into clicking on them. Palo Alto Networks’ Unit 42 explains that scammers are using these tactics to entice users to reveal personal and/or financial information, including credit or debit card and account details.
The Federal Trade Commission (FTC) warns users who receive such texts that it’s likely a scam, and scammers can steal identities if links are clicked. The FTC advises users to be cautious and report any suspicious activity to the IC3.
To avoid falling victim to these scams, users can check the domain name of the link provided in the text message. Many of these links include the .XIN TLD, a toolkit built by Chinese cybercrime groups. Users should also delete any questionable messages they receive and take immediate action if personal information is shared or financial accounts are compromised.
The FBI recommends that recipients report phone numbers from toll collection services impersonators to the IC3 and take steps to secure their personal information, especially financial accounts.
Source: https://people.com/what-is-smishing-and-why-is-the-fbi-recommending-you-delete-iphone-and-android-text-messages-that-ask-to-pay-tolls-11696005