Alert Issued by FBI: Massive Cyber Attack Targeting iPhone and Android Users Orchestrated by Chinese Entities
A new wave of text scams is sweeping across the United States, this time originating from China. The FBI recently warned citizens of a surge in scam texts that mimic toll authority messages, aiming to steal personal information and credit card numbers. Unlike the previous text threat, these messages are more likely to get you and are designed to appear legitimate.
The Anti-Phishing Working Group (APWG) has issued a warning about these scams, which are part of a broader smishing (SMS phishing) campaign targeting both iPhone and Android users. These scams typically involve unsolicited messages claiming that the recipient owes toll payments, often mimicking legitimate toll authorities like E-ZPass or SunPass.
The scammers create a sense of urgency, stating that if the recipient doesn't pay, they might face fines, penalties, or even the loss of their license. The texts include malicious links leading to fake websites designed to steal credit card numbers and personal data. These sites often use uncommon top-level domains associated with cybercrime, such as .TOP or .CYOU.
The attacks are widespread, affecting major U.S. cities, and are increasingly sophisticated, using tens of thousands of malicious domains. The scams are supported by Chinese cybercrime groups that sell advanced phishing kits on platforms like Telegram, allowing local operators to expand their attacks rapidly.
To protect yourself, avoid clicking on any links provided in suspicious texts. Instead, visit the official website of the toll authority directly to verify any outstanding payments. Send scam messages to 7726 (SPAM) and report them to the FTC and FBI’s Internet Crime Complaint Center to help track and stop these scams. Activate spam filtering on your phone to automatically block suspicious messages. Check your accounts directly with the toll agency if you receive a suspicious message claiming you owe money. Regularly check your bank and credit card statements for any suspicious activities and consider freezing your credit as a precaution if you have interacted with a scam link. Enhance your online security by using two-factor authentication and frequently changing your passwords.
Don't dismiss this as just toll fraud. The same infrastructure and tools drive package delivery and other fake messages with the same concept of operations, just different text and links. This can be tuned to any lure, making it an infrastructural attack on our phones, not a single campaign. The scale of this attack is so astronomical that it would be alarming to know what the true cost is.
The new threat continues to surge, so be careful out there.
The FBI warned citizens that a toll authority text scam, part of a broader smishing campaign, is currently unresolved and causing concern. This scam, involving unsolicited messages claiming toll payments are due, targets both iPhone and Android users. The scammers create a sense of urgency and often mimic legitimate toll authorities, leading to potential loss of personal information and credit card numbers. Activate spam filtering on your phone and report any suspicious messages to the FTC and FBI's Internet Crime Complaint Center to help stop these scams.
