The Federal Bureau of Investigation (FBI) has issued a nationwide warning regarding a significant surge in “smishing” attacks targeting citizens across the United States. These attacks involve fraudulent text messages designed to steal personal and financial information. Cybercriminals are employing increasingly sophisticated tactics, prompting the FBI and other agencies to urge extreme caution. It is critical to delete any suspicious texts.
How Smishing Scams Work: Tactics and Techniques
Smishing scams use SMS or text messaging to deceive recipients into revealing sensitive information such as passwords and credit card details. These texts often create a sense of urgency, claiming an unpaid bill requires immediate payment to avoid penalties. The messages include links to fake payment portals designed to steal financial data.
- Deceptive Texts : The texts frequently claim an unpaid bill (toll, parking, or delivery) requires immediate payment to avoid penalties.
- Malicious Links : These links direct users to fake payment portals designed to steal financial information.
- Circumventing Security Measures : Scammers adapt to security measures by instructing users to copy and paste links into their browsers.
- Trickery and Manipulation : Some scams falsely indicate a card was declined to prompt users to enter multiple card details.
The Expanding Scope: From Tolls to Delivery Services
Initially, these scams focused on unpaid toll fees but have expanded to include fake delivery service alerts and unpaid parking invoices. This expansion increases the likelihood that individuals will fall victim to these schemes.
Chinese Cybercrime Groups and Technical Details
Cybersecurity experts believe that these scams leverage toolkits built by Chinese cybercrime groups. Unit 42 has identified numerous malicious domains, many using China’s “.XIN” top-level domain (TLD). Examples include dhl.com-new[.]xin, fedex.com-fedexl[.]xin, and e-zpassny.com-ticketd[.]xin.
Geographic Hotspots: Cities Under Threat
While these scams are nationwide, certain cities are more heavily targeted. McAfee identified the top five cities as Dallas, Atlanta, Los Angeles, Chicago, and Orlando. Other heavily targeted areas include Miami, Houston, Denver, Phoenix, and Seattle.
Official Recommendations and Protective Measures
The FBI and FTC have issued clear guidance to help individuals protect themselves from smishing scams. Key recommendations include:
- FBI Advice :
- File a complaint with the IC3 (Internet Crime Complaint Center): www.ic3.gov.
- Check your account using the toll service’s legitimate website.
- Contact the toll service’s customer service phone number.
- Delete any smishing texts received.
- Secure personal and financial accounts and dispute any unfamiliar charges if you clicked a link or provided information.
- FTC Advice :
- Don’t click on any links in or respond to unexpected texts.
- Verify messages by contacting the relevant tolling agency through official channels.
- Report and delete scam texts, using the “report junk” feature on smartphones or forwarding them to 7726 (SPAM).
The Mobile-First Attack Strategy
Cybersecurity firm Zimperium warns that cybercriminals are moving to a “mobile-first attack strategy” due to user vulnerability on smaller screens. Smartphones’ convenience makes people more likely to click on text messages than emails, increasing the risk of falling for these scams.
Smishing scams represent a significant and evolving threat to individuals across the United States. Vigilance, adherence to official recommendations, and public awareness are crucial to mitigating the impact of these scams.