A widespread text message scam is falsely alerting individuals to unpaid toll road violations and threatening penalties such as suspended vehicle registrations, reports CyberScoop.
While the alleged amounts are typically small, the scam’s real goal is to steal victims’ payment details through fraudulent websites, according to the Federal Bureau of Investigation, Federal Communications Commission, and Federal Trade Commission, which are already investigating the campaign.
The campaign, which has been ongoing since March 2024 and continues to spread across the United States and Canada, employs a tactic known as smishing, or phishing via SMS. Cybersecurity researchers have linked it to cybercriminals operating out of China who appear to be leveraging tens of thousands of domains to evade detection.
The scam sites mimic legitimate toll agencies but use uncommon domain extensions associated with cybercrime. Many fraudulent texts originate from burner phones with UK and Philippines-based numbers, while phishing sites are hosted on Tencent and Alibaba networks.
Authorities advise the public to avoid clicking links in unexpected messages, report suspicious texts to wireless carriers, and verify toll violations directly with official agencies. Experts stress the need for vigilance against evolving social engineering tactics like those used in these attacks.
