A widespread scam is sending fake text messages to mobile phones, claiming that toll road violations have resulted in unpaid fines. The scammers aim to trick people into paying phantom fines, which can range from under $25 to excessive penalties.
Federal authorities, including the FBI and FTC, are tracking and investigating this social engineering attack, known as smishing (phishing over SMS). While not a new tactic, the inclusion of toll road violations is a novel spin on existing attacks.
Cybercriminals know that text messages are personal and time-sensitive forms of communication. Scammers have been using phishing kits originating from China, targeting individuals with low-dollar amounts requested in these messages. The scammers’ goal is to obtain sensitive information like credit card numbers.
Researchers attribute the scam to familiar cybercriminals using tens of thousands of URLs and registering new domains to evade detection. These malicious sites often appear legitimate but use uncommon top-level domains associated with cybercrime.
Legitimate toll road collection domains are inconsistent, making it difficult for users to distinguish between genuine and fake messages. Researchers have discovered up to 57,000 malicious URLs directly linked to the scam.
To avoid falling victim to this scam, experts recommend exercising caution when receiving unexpected texts from unknown senders. Users should report unwanted texts as spam, block the number, and forward the message to 7726 (SPAM) to report it to their wireless provider.
Source: https://cyberscoop.com/toll-road-text-message-scam-swells-nationwide-how-to-stop