• Massive SMS scam sweeping

    From Mike Powell@1:2320/105 to All on Sat Mar 15 09:09:00 2025
    A massive SMS toll fee scam is sweeping the US: here's how to stay safe, according to the FBI

    Date:
    Sat, 15 Mar 2025 10:45:00 +0000

    Description:
    A widespread SMS scam is targeting thousands of smartphone users in the US. Here's how to stay safe.

    FULL STORY ======================================================================
    - US smishing scam claims that unpaid toll service fees are due
    - SMS messages include a bogus link to make an online payment
    - Cybercriminals are using more than 10,000 domains to trick recipients

    A widespread SMS scam is targeting thousands of smartphone users in the US. Fraudsters are sending bogus texts demanding payment for unpaid road tolls. Their goal isn't just to swindle innocent recipients out of their money, but also their personal and financial information.

    Reports of the smishing scam first surfaced last year. In April 2024, the FBI's Internet Crime Complaint Center (IC3) issued a notice about fake toll service text messages, after receiving more than 2,000 complaints from US citizens.

    Since then, the scale of the scheme appears to have grown. Cities in several US states have now issued warnings, including Boston, Denver and San Francisco. McAfee has also highlighted cities most affected by the scheme: the top three are Dallas, Atlanta and Los Angeles.

    How the smishing scam works

    Based on screenshots we've seen, text messages in the toll scam all appear to follow a similar structure. Each SMS claims to be from a legitimate toll service and states that there is an unpaid fee. It then instructs the recipient to pay the outstanding toll within a set time period to avoid late fees and a referral to the DMV. A URL is then provided, which directs users to a bogus payment page.

    This page is designed to look convincingly like a legitimate toll service payment website. It will often feature a logo, business name and street address. It will also state the supposed time and date of the unpaid fee.

    A threat actor leveraging the same naming pattern has registered 10K+ domains for various #smishing scams. They pose as toll services for US states and package delivery services. Root domain names start with "com-" as a way to trick victims.

    If you click the payment link, the website will then ask for payment information. Sometimes it will also request sensitive personal information, such as your driving license number. If you submit this information, you're actually giving it to the fraudsters, exposing yourself to identity theft.

    The scam uses the same tactics as most phishing scams, creating a sense of urgency by demanding payment within a short time period. The threat of legal action increases the likelihood of an emotional reaction, which could cause users to overlook inconsistencies in the original SMS or linked payment page.

    Reports also suggest that there are variations of the scam. In some instances, it appears that cybercriminals have varied the contents of the SMS and payment page to target users in specific states. One screenshot we've seen claims to be from the City of New York. For some recipients, this could make the message more believable than a generic alert.

    Recent intelligence from Palo Alto Networks Unit 42 reports that scammers have registered more than 10,000 domain names. Each of these is designed to be ambiguous enough that a casual glance might not reveal the deceit. Not only do the new domains suggest that the scam is still ongoing, but certain URLs indicate that it could be expanding to include fake messages from delivery companies, an increasingly common tactic.

    Here are a few of the domains listed in the notice:
    - dhl.com-new[.]xin
    - driveks.com-jds[.]xin
    - ezdrive.com-2h98[.]xin
    - ezdrivema.com-citations-etc[.]xin
    - ezdrivema.com-securetta[.]xin
    - e-zpassiag.com-courtfees[.]xin
    - e-zpassny.com-ticketd[.]xin
    - fedex.com-fedexl[.]xin
    - getipass.com-tickeuz[.]xin
    - sunpass.com-ticketap[.]xin
    - thetollroads.com-fastrakeu[.]xin
    - usps.com-tracking-helpsomg[.]xin

    How to stay safe

    As with any smishing or phishing scam, the best way to stay safe is to practice caution. If you receive an unexpected SMS about unpaid toll fees, there's a good chance it's a scam. Pause before you act on any information in the message and don't click on any links.

    Pay attention to details in the message. Scam texts will often feature grammatical errors or formatting inconsistencies, such as the placement of punctuation. A closer look at the URL will often reveal that it's illegitimate, too.

    If in doubt, contact the genuine toll service in question. Never click the link in the SMS. Instead, find the service's real website or contact number using a trusted search engine and reach out for clarification.

    The scam is now so extensive that the US Federal Trade Commission has issued advice to the same effect, as has the FBI. If you do discover a bogus or suspicious SMS, the instructions of both agencies are the same: report and delete the messages. You can do this on the IC3 website.

    ======================================================================
    Link to news story: https://www.techradar.com/computing/cyber-security/a-massive-sms-toll-fee-scam-is-sweeping-the-us-heres-how-to-stay-safe-according-to-the-fbi

    $$
    --- SBBSecho 3.20-Linux
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)
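
The "com-" naming pattern described in the message above can be checked mechanically: the brand sits in a subdomain, and the domain that was actually registered is the "com-..." label plus the TLD. The following is an added example, not part of the original post or of the Unit 42 notice; the function names are hypothetical, the SMS text is constructed, and it assumes a single-label TLD rather than consulting the Public Suffix List.

```python
import re
from urllib.parse import urlsplit

# Matches http(s) URLs and bare hostnames, plain or defanged with "[.]".
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,}(?:/\S*)?", re.I)

def host_of(candidate):
    """Refang a URL or bare hostname and return its lower-cased host."""
    candidate = candidate.strip().replace("[.]", ".")
    if "://" not in candidate:
        candidate = "http://" + candidate
    return (urlsplit(candidate).hostname or "").lower().rstrip(".")

def check_host(host):
    """Return a finding if host has the 'brand.com-xxx.tld' shape, else None."""
    labels = host.split(".")
    if len(labels) < 3:          # need at least brand + "com-..." + TLD
        return None
    # Assumption: single-label TLD, so the registered domain is the last two labels.
    sld, tld = labels[-2], labels[-1]
    if not sld.startswith("com-"):
        return None
    return {"host": host,
            "looks_like": ".".join(labels[:-2]) + ".com",
            "registered_domain": sld + "." + tld}

def scan_sms(text):
    """Check every URL-like token in an SMS body; return the findings."""
    findings = []
    for match in URL_RE.finditer(text):
        finding = check_host(host_of(match.group(0)))
        if finding:
            findings.append(finding)
    return findings

# Constructed sample message; the first domain is from the list in the post,
# the second is a constructed benign host.
SAMPLE_SMS = ("Your toll balance is overdue. Pay within 12 hours at "
              "https://ezdrivema.com-securetta[.]xin/pay to avoid late fees. "
              "Questions: tolls.example.com/help")

if __name__ == "__main__":
    for f in scan_sms(SAMPLE_SMS):
        print(f"{f['host']}: reads as {f['looks_like']}, "
              f"registered domain is {f['registered_domain']}")
```

The same `check_host` function can be run over DNS or proxy logs to surface hosts of this shape for review.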