The FBI has put Americans on high alert, warning them not to fall for a particular type of scam text messages, as security experts fear that Chinese cybercriminals are behind them.
The alert from the FBI came last April and advised people to delete any SMS messages on their cell phones that told them they had unpaid tolls.
The law enforcement agency explained that these are phishing attacks, or more precisely, smishing attacks since they are text messages instead of emails.
At the time, the FBI had more than 2,000 complaints about these scam messages and indicated that ‘the scam may be moving from state-to-state.’
The Federal Trade Commission (FTC) reminded Americans about the danger on January 17, warning that the scammers behind the texts are trying to get you to click the link in the message so they can steal your money and your personal information.
‘Don’t click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it’s best to stop and check it out,’ the FTC advised.
Just last month, reports of people receiving these texts have come from Massachusetts, California, North and South Carolina, Illinois, Colorado, Florida and more, Forbes reported.
Even local governments are having to warn their citizens about these fake unpaid toll messages.
Great Falls, Montana, a city of 60,000 people, told residents to beware of these kinds of texts on Thursday.
‘A few local people have recently received a text referring to their vehicle having an “outstanding toll bill.” This is a SCAM and is not coming from the City of Great Falls. Please do not click the link in the message,’ the city wrote in an X post.
And last week the Massachusetts Department of Transportation told citizens that EZDriveMA, the state’s toll collector, ‘will never request payment by text.’
‘All links associated with EZDriveMA will include www.EZDriveMA.com,’ the toll authority said.
The Oklahoma Turnpike Authority (OTA) sent out similar warnings this week, urging people not to fall victim to these texts.
‘Usually, you get some signs just by reading the message. If it doesn’t have the correct names or the correct URL, that’s a dead giveaway and you should go ahead and report that as junk or as spam on your phone, and definitely do not click any links on it,’ said Lisa Shearer-Salim, the communications manager for the OTA.
Dozens of social media users have been posting about this issue and screenshotting the sometimes strangely-worded texts they received.
One person was amazed at how the scammers were using handshake emojis in between demands to pay their outstanding tolls.
Many others immediately knew the messages were fraudulent because they don’t have toll roads where they live.
According to rental car company Hertz, 18 states don’t have toll roads at all. This includes Arizona, Idaho, Montana, Wisconsin and Tennessee.
‘This is a hilarious scam text because there are literally no toll roads anywhere near where I live,’ one person wrote on X.
Another person said: ‘I just got this from text via a fake email. I’m laughing cuz I don’t drive.’
If you’re concerned about accidentally not having paid what you owed, the FBI’s advice is to independently check your toll service account and not click on any links contained within the text message.
‘Check your account using the toll service’s legitimate website [or] contact the toll service’s customer service phone number,’ the FBI said.
It’s not entirely clear where all these text messages are originating, but one expert believes they are coming from China.
Chris Krebs, a cyber security expert who served in a newly-created role in the first Trump administration, wrote about the possibility in a recent blog post.
He cited the research of Ford Merrill, who works at SecAlliance, a company that protects the computer systems of banks, governmental agencies, international organizations, and infrastructure operators.
‘Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year, when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages designed to spoof toll operators in various US states,’ Krebs wrote.
‘According to Merrill, multiple China-based cybercriminals are selling distinct SMS-based phishing kits that each have hundreds or thousands of customers.’
The goal of these phishing kits is to gather enough information from the victim so that their payment cards can be added to mobile wallets. Then the hackers can use them to ‘buy goods at physical stores, online, or to launder money through shell companies.’