A Growing Nationwide Scam
The FBI is warning Americans about a surge in malicious SMS phishing (smishing) attacks moving state to state. Cybercriminals have registered over 10,000 fraudulent domains to fuel these scams, targeting iPhone and Android users with fake toll payment and delivery service notifications. Authorities urge recipients to delete these texts immediately to avoid falling victim.
How the Scam Works
Smishing messages typically claim you have an unpaid toll bill or a missed delivery, pressuring you to act fast by clicking a fraudulent payment link. Since Apple’s iMessage blocks suspicious links, scammers now instruct victims to manually copy the URL into their web browser.
Security experts at Palo Alto Networks’ Unit 42 report that this campaign aims to steal personal and financial information, including credit card details. The Federal Trade Commission (FTC) warns that clicking these links can lead to identity theft or unauthorized bank transactions.
Scam Indicators: Red Flags to Watch For
These fake domains are crafted to look like real toll services or delivery companies but often include unusual elements, such as hyphens, extra letters, or non-U.S. domain extensions (e.g., .xin). Some examples of fraudulent sites include:
- dhl.com-new[.]xin
- ezdrive.com-2h98[.]xin
- fedex.com-fedexl[.]xin
- usps.com-tracking-helpsomg[.]xin
- thetollroads.com-fastrakeu[.]xin
No legitimate U.S. toll or delivery service will redirect users to a Chinese domain or require manual entry of a URL.
Widespread Impact Across the U.S.
These scams have prompted warnings from law enforcement agencies in multiple states, including:
- Texas (Dallas, Houston, San Antonio)
- California (Los Angeles, San Diego)
- Florida (Miami, Orlando)
- Illinois (Chicago)
- Georgia (Atlanta)
- Washington (Seattle)
- Colorado (Denver)
- Indiana (Indianapolis)
- Ohio (Boardman, statewide warnings issued)
Local media in Detroit reported that thousands of residents received these scam texts in recent weeks. Authorities in Louisiana, Virginia, Maryland, North Carolina, and Georgia have also issued direct warnings.
The Scammers’ Tactics Are Evolving
Security firms like McAfee and Zimperium warn that cybercriminals are shifting to mobile-first attack strategies, knowing that users are more vulnerable on smartphones. One particularly dangerous new trick involves fake payment failures—when victims enter their credit card details, they receive a “payment declined” message, encouraging them to try another card. Each attempt hands more financial information to the scammers.
How to Protect Yourself
The FBI and FTC provide clear guidance on what to do if you receive a smishing text:
✅ Do not click on any links or reply to the message.
✅ Verify legitimacy by visiting the official website of the toll agency or delivery service.
✅ Report and delete scam texts by forwarding them to 7726 (SPAM) or using the “Report Junk” option on your phone.
✅ If you clicked the link, immediately secure your accounts, check for unauthorized transactions, and dispute any unfamiliar charges.
✅ Report the scam to the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov.
With cybercriminals expanding their operations and registering thousands of new domains, staying alert is critical. Don’t fall for these scams—delete suspicious texts and report them immediately.