Residents all over the United States are currently facing an increase in text messages claiming to be from toll road operators like E-ZPass, warning of fines for unpaid toll fees. This surge in SMS spam aligns with new features integrated into a popular phishing kit sold in China. These features enable scammers to easily set up convincing traps pretending to be toll road operators from various states in the U.S.
Recently, the Massachusetts Department of Transportation (MassDOT) issued a warning to residents about a new SMS phishing scam targeting users of EZDriveMA, the electronic tolling program of MassDOT. Victims of this scam are prompted to provide payment card information and eventually asked to supply a one-time password sent via SMS or a mobile authentication app.
Similar reports of SMS phishing attacks targeting customers of state-run toll facilities have emerged in other states simultaneously with the MassDOT alert. In Florida, individuals reported receiving SMS phishing messages mimicking Sunpass, Florida’s prepaid toll program.
In Texas, people received text messages concerning unpaid tolls associated with the North Texas Toll Authority. Reports also came from readers in California, Colorado, Connecticut, Minnesota, and Washington, among other states. The emergence of these SMS phishing attacks coincided with the introduction of new capabilities in phishing kits that closely replicate the websites of toll operators when viewed on mobile devices.
Ford Merrill, a security researcher at SecAlliance, emphasized the significant increase in SMS phishing attacks impersonating toll road operators following the New Year. Chinese cybercriminal groups, known for selling advanced SMS phishing kits, have started offering new phishing pages that impersonate toll operators in various U.S. states. These cybercriminals are selling distinct SMS-based phishing kits to numerous customers, with the primary objective of obtaining enough information from victims to add their payment cards to mobile wallets for illicit purchases or money laundering.
The prevalence of SMS phishing attacks mimicking toll road operators is part of a trend where Chinese smishing groups move from engaging in package redelivery schemes to toll road scams. These criminals previously targeted individuals with package-related scams and are now shifting their focus to toll-related scams.
In the realm of SMS phishing, Chinese smishing groups have recently begun leveraging iMessage technology and RCS, a rich text messaging feature in Android devices, to improve the deliverability of their spam messages. By incorporating these technologies, these scammers can evade traditional filtering mechanisms employed by telecom operators, enhancing their success rate in reaching potential victims.
The motive behind the selection of targets by these phishers and the source of their data remain unclear. MassDOT has cautioned that the phone numbers targeted in these scams appear to be chosen randomly and are not necessarily linked to an account or usage of toll roads. Despite this randomness, individuals who do not even own a vehicle have reported receiving SMS phishing messages from toll operators.
It is crucial for recipients of these messages to avoid visiting the phishing sites operated by criminals in real-time. Instead, individuals are advised to disregard or delete these messages and refrain from interacting with the provided links. The FBI encourages victims to file a complaint with the Internet Crime Complaint Center (IC3) and provide details such as the originating phone number and website listed in the text message. By taking these steps, individuals can help combat the spread of SMS phishing scams targeting toll road users across the United States.