The Federal Bureau of Investigation (FBI) has issued a nationwide alert about an increase in “smishing” attacks targeting iPhone and Android users across the United States. These attacks involve fraudulent text messages designed to obtain sensitive personal and financial information from recipients, building on a growing trend of sophisticated phishing techniques that bypass traditional security measures.
The scam, known as “smishing” – a combination of “SMS” and “phishing” – has evolved from initial fake toll payment notifications to include counterfeit delivery service alerts. Cybercriminals have registered more than 10,000 domains to support these scams, which have increased fourfold since January 2025. The surge follows a pattern identified in earlier regional attacks targeting state-specific toll payment systems.
According to the FBI’s Internet Crime Complaint Center (IC3), over 2,000 complaints have been received regarding smishing texts purporting to represent road toll collection services from at least three states. The scammers use an advanced phishing kit originating from China to distribute nearly identical scam texts, often using Chinese top-level domains such as .TOP, .CYOU, and .XIN. The operation matches a broader pattern of Chinese cybercrime groups exploiting mobile payment systems.
A McAfee report indicates that Dallas, Atlanta, Los Angeles, Chicago, and Orlando have been the most affected cities, with Miami, Houston, Denver, Phoenix, and Seattle also experiencing significant targeting. “The texts claim the recipient owes money for unpaid tolls and contain almost identical language. The ‘outstanding toll amount’ is similar. However, the link provided within the text is created to impersonate the state’s toll service name, and phone numbers appear to change between states,” the FBI has stated.
Cybersecurity experts believe the operation functions as a “franchise model,” with toolkits likely sourced from Chinese cybercriminal groups. “What started as a toll scam has grown into a sophisticated operation targeting unsuspecting Americans with fake alerts about unpaid bills or undelivered packages,” said a Unit 42 spokesperson. The development coincides with Google’s recent implementation of enhanced Android security features designed to combat such threats.
The Federal Trade Commission (FTC) has identified these malicious links as presenting dual threats of financial theft and identity fraud. The FBI recommends that users delete suspicious texts immediately without engaging with them and verify any payments directly through official toll or delivery service websites. Security experts also suggest enabling additional authentication measures on mobile devices to provide an extra layer of protection against such attacks.
Sources: Times of India, Times of India, CyberGuy