'Smishing' attacks are rapidly increasing, with billions of spam texts sent in the US in February 2025 alone.
These scams often impersonate toll road operators (like E-ZPass) or delivery services, using urgent language to trick recipients.
Attackers are registering numerous domains mimicking state and city toll agencies.
Many of these malicious domains use Chinese top-level domains (e.g., .TOP, .CYOU, .XIN).
This isn't just about small toll amounts; the goal is to steal credit card numbers and even identities.
Why this matters:: This attack is infrastructural, impacting a vast number of users and potentially leading to significant financial and identity theft.
The attacks leverage an upgraded phishing kit sold in China, simplifying the process of sending texts and launching phishing sites. The texts often contain similar language, claiming an outstanding toll amount and providing a link to a fraudulent website. While the phone numbers used to send the messages are often random, the top-level domains are frequently Chinese. This has raised concerns about compliance issues with certain domain registries. Networks and phone OS makers are struggling to block these texts effectively due to the open nature of SMS and RCS protocols. The Australian Federal Police has also reported a similar attack spoofing the identity of a crypto exchange.
Q: What is smishing?
Smishing is a phishing attack that uses text messages to trick people into sharing sensitive information or downloading malware.
Q: What should I do if I receive one of these texts?
Delete the text immediately. Do not click on any links. You can report the scam.
Q: What if I already clicked the link?
Check your accounts and change your key passwords, especially for communications and finance platforms. Contact your bank or credit card company to report any unauthorized charges.
Be skeptical of unexpected texts, especially those demanding immediate payment or threatening penalties.
Verify any toll-related notices by directly visiting the official website of the toll agency.
Never click on links in unsolicited texts or emails.
Consider signing up for an official electronic toll account to manage payments directly.
Use credit cards instead of debit cards for better fraud protection.
Have you received a suspicious text message like this? Let us know! Share this article with others who need to stay ahead of this trend!
South Korea's e-commerce giant Coupang has been hit with a record-breaking fine exceeding $400 million (£299 million) by the Personal Infor...
Recent actions and statements from Iran have highlighted the vulnerability of undersea internet cables, particularly in the Strait of Hormuz...
The increasing reliance on data centers in the Middle East by U.S. tech companies has inadvertently exposed their infrastructure to regional...
In 2026, cybersecurity regulations are tightening worldwide, compelling organizations to enhance their defense strategies and incident respo...
⚠ Disclaimer: Yanuki provides article summaries and links for reference only. Yanuki does not endorse, verify, or guarantee the accuracy of third-party sources. Please review original sources and verify information independently. Managed by the Yanuki Data Engine. Full Disclaimer