The FBI has issued a broad alert regarding a surge in “smishing” scams sweeping across the country.
Smishing involves fraudulent text messages sent via SMS, crafted to deceive recipients into divulging personal details such as login credentials, financial information, and other private data.
This term blends “SMS” with “phishing,” a reference to tactics used to trick people into revealing confidential information under false pretenses.
Cybercriminals have established over 10,000 fake websites to facilitate these scams, targeting both iPhone and Android users with deceptive messages aimed at extracting sensitive information.
Officials advise anyone receiving suspicious texts to delete them without engaging.
A recent study by Palo Alto Networks’ Unit 42, a research arm specializing in digital security threats, exposes how these scams are designed to steal financial data, including banking details and credit card numbers.
Initially, the fraudulent messages focused on fake toll payment notifications, but scammers have since expanded their tactics to include counterfeit delivery service alerts, leading users to harmful links.
For months, law enforcement agencies at both the state and local levels have issued warnings about a widespread toll fee scam that falsely informs recipients of overdue charges.
According to the Federal Trade Commission (FTC), clicking on these fraudulent links can not only result in financial loss but also put victims at risk of identity theft.
These messages follow a predictable format, falsely stating that an overdue payment must be made immediately to avoid penalties.
Each scam text includes a link that directs recipients to a fake payment page, exploiting the vast network of fraudulent domains created by cybercriminals.
As Apple’s iMessage system flags suspicious links, scammers have adapted their methods, instructing users to copy and paste the URL manually into their browser to evade detection.
Cybersecurity experts suggest that these scams operate under a franchise model, utilizing toolkits supplied by hacking groups in China.
Unit 42 has identified a variety of these malicious domains, many of which use China’s .XIN top-level domain (TLD), such as:

• dhl.com-new[.]xin
• fedex.com-fedexl[.]xin
• ezdrive.com-2h98[.]xin
• e-zpassny.com-ticketd[.]xin
• sunpass.com-ticketap[.]xin
• thetollroads.com-fastrakeu[.]xin

The FTC underscores that legitimate toll authorities and delivery services in the U.S. would never direct users to foreign-based domains.
A cybersecurity report from McAfee identifies the cities most affected by these scams, placing Dallas, Atlanta, Los Angeles, Chicago, and Orlando at the top of the list. Other major hotspots include Miami, Houston, Denver, Phoenix, and Seattle.
Authorities report that the frequency of these scams has surged fourfold since the beginning of the year.
Highlighting the personal impact of the scheme, Louisiana Attorney General Liz Murrill disclosed that she was also targeted.
“I received this text as well. It is a scam. If you ever receive a text that looks suspicious, be sure to never click on it. You don’t want your private information stolen by scammers,” she warned.
Certain versions of the scam incorporate even more deceptive techniques.
An investigative report from a Detroit news outlet discovered that when victims attempted to submit a payment, they received a false error message claiming their card had been declined.
This trick prompts users to enter additional credit card details, ultimately providing fraudsters with multiple sources of financial information.
The FBI urges anyone who encounters a suspicious text to take the following precautions:

• File a complaint with the Internet Crime Complaint Center (IC3) at http://www.ic3.gov, including details of the phone number and website referenced in the message.
• Verify any alleged payment obligations by visiting the official website of the toll service or contacting customer support directly.
• Immediately delete any suspicious text messages.
• If personal or financial information has already been compromised, take swift action to secure accounts and dispute unauthorized charges.

The FTC also advises the public to:

• Never click on links or respond to unexpected text messages.
• Confirm the legitimacy of messages by reaching out to toll agencies or service providers through official contact methods.
• Report scam texts by using the “report junk” feature on smartphones or forwarding them to 7726 (SPAM).

According to cybersecurity firm Zimperium, cybercriminals are increasingly shifting their focus to mobile-based attacks, exploiting the tendency of users to engage with text messages more readily than emails.
Because smartphones encourage quick interactions, users are at higher risk of falling victim to these deceptive schemes.
With smishing scams growing more sophisticated and widespread, authorities continue to stress the importance of remaining alert.
Individuals are urged to stay cautious, avoid interacting with unsolicited texts, and take necessary steps to safeguard their personal and financial data.
{Matzav.com}The post FBI’s Warning To iPhone, Android Users: Delete These ‘Smishing’ Texts Now first appeared on Matzav.com.