Dallas is currently No. 1 of the top fifteen cities targeted by scammers in a smishing campaign, according to online security company McAfee.
Residents in other cities, including Atlanta, Los Angeles, Chicago, and Orlando, have also been hit with a surge of scam texts. Most of the texts purport to be an alert about an unpaid toll tag bill that needs to be paid immediately. The text message includes a link to a website where the unsuspecting victims are asked to enter their payment information and other personal data, which the scammers then capture for nefarious purposes.
Although this particular type of smishing campaign has been around for a while, there has been a recent surge in the volume of these scam texts. Toll road scam texts quadrupled in February compared to the previous month, according to McAfee. Forbes reported that cybercriminals have registered more than 10,000 domains to facilitate the new wave of attacks.
The scammers appear to be using a toolkit created by Chinese cybercrime groups. Many of the scam websites reported by Palo Alto Networks’ Unit 42, a threat intelligence and response group, end in “.xin,” a Chinese top-level domain.
Some examples cited by the intelligence group include “thetollroads.com-fastrakeu[.]xin” and “fedex.com-fedexl[.]xin.” The Dallas Express has received multiple texts such as these, including this most recent one: “txtag.com-qtno.xin/us.”
Since iMessage blocks these types of links, the scam text messages often include instructions to circumvent this safety feature, another tell-tale sign of a scam text:
“Please reply Y, then exit the text message and open it again to activate the link, or copy the link to your Safari browser and open it.”
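The two tell-tale signs described above, a real brand domain glued to the front of a “.xin” hostname and the instruction to re-activate a blocked link, can be checked mechanically. The sketch below is an added example, not code from McAfee, Unit 42, or the FBI; the `BRANDS` list and the function names are assumptions chosen for illustration, and the sample message in the comment is constructed from the URL and wording quoted in the article.

```python
import re

# Assumption: brand domains the recipient really deals with (taken from the article's examples).
BRANDS = ("thetollroads.com", "fedex.com", "txtag.com")

# Hostname with ordinary or defanged "[.]" dots; the lookahead avoids cutting a label short.
URL_RE = re.compile(
    r"(?:https?://)?((?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,})(?![a-z0-9-])", re.I)

# The link-activation instruction quoted in the article.
BYPASS_RE = re.compile(
    r"reply\s+y\b.{0,120}activate the link|copy the link to your safari",
    re.I | re.S)

def hosts_in(text):
    """Return lower-cased hostnames found in text, turning '[.]' back into '.'."""
    return [m.group(1).replace("[.]", ".").lower() for m in URL_RE.finditer(text)]

def lookalike_brand(host):
    """Return the brand a host imitates, or None.

    The host is a look-alike when it begins with a brand's full domain
    followed by '-' or '.', yet is neither that domain nor a subdomain of it.
    Example: in 'txtag.com-qtno.xin' the registered name is 'com-qtno.xin'.
    """
    if any(host == b or host.endswith("." + b) for b in BRANDS):
        return None
    for brand in BRANDS:
        if host.startswith((brand + "-", brand + ".")):
            return brand
    return None

def assess(message):
    """Return a list of human-readable findings for one text message."""
    findings = [f"{h} imitates {lookalike_brand(h)}"
                for h in hosts_in(message) if lookalike_brand(h)]
    if BYPASS_RE.search(message):
        findings.append("asks recipient to re-activate a blocked link")
    return findings

# Constructed sample, e.g.:
# assess("Unpaid toll. Pay at https://txtag.com-qtno.xin/us Please reply Y, "
#        "then exit the text message and open it again to activate the link")
```

A hostname is read right to left, so everything before the final “.xin” label, including the familiar “txtag.com”, is chosen freely by whoever registered the domain.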
The FBI warns mobile phone users not to click on links sent through these types of text messages but instead to report them to the federal Internet Crime Center (IC3) and then delete them.
According to the IC3, over $37 billion was reported lost due to cybercrime in the five years from 2019 through 2023. Since then, cybercriminals have become even more sophisticated in their attacks, and these crimes have only increased in number.
In recent years, cybercriminals “have moved to a ‘mobile-first’ attack strategy,” exploiting mobile-specific weaknesses, according to a report from mobile security company Zimperium.
These weaknesses include “limited screen size, which makes suspicious URLs harder to detect; touch-based interfaces, reducing users’ ability to carefully inspect URLs; mobile-specific messaging channels, such as SMS, messaging apps, QR codes, which are often trusted and commonly used in our everyday interactions, [and] users’ inherent trust in mobile devices, lowering user’s vigilance and increasing the likelihood of deception.”