Webster

"The Constitution was made to guard the people against the dangers of good intentions." --American Statesman Daniel Webster (1782-1852)


Saturday, April 19, 2025

"Delete All Text on your phone if you see these 2 words."

 

I don't know about y'all but I keep getting these stupid texts saying that my "Peachpass" isn't paid and I need to settle up now before I get tickets and lose my license. Any state that uses any kind of toll system will get these scams. See, they have several *tells*. First the urgency: *YOU MUST PAY IMMEDIATELY*. Then they warn of the consequences... YOU WILL GET TICKETS AND LOSE YOUR LICENSE. They prey on those that frighten easily. Those are a couple of the *tells*, and then they furnish a hyperlink in the text so you can pay the bill. It will take you to an "official looking" website, but if you look closely at the address line of the site, it ain't gonna match, or if you hover a cursor over it, it will show the embedded link inside the words. This is just an example of a scam.

I'm gonna show y'all another; this scam is from the movie "The Beekeeper" with Jason Statham,


This shows how a scam runs on one of those *fake Virus* sites. Dang good movie btw. You notice that she hesitated, her gut was telling her that something was wrong but she ignored her gut and did it anyway.

I saw this article on Forbes, it was the genesis for today's post.


Update: Republished on April 18 with multiple new warnings as threat soars.

iPhone and Android users across the U.S. and elsewhere are now under attack from organized networks of Chinese criminals. These attacks come at you by text, and while they may seem trivial — a few dollars for an undelivered package or unpaid toll, they will steal your credit card details, your passwords and even your identity.

New research into one such gang — Smishing Triad — warns that there has been a “massive fraud campaign expansion” since the beginning of 2025, using more than 60,000 different web domains, “making it difficult for platforms like Apple and Android to block fraudulent activity effectively." This is why you will have seen so many news articles on the spate of toll fraud sweeping across America.

Zimperium’s Kern Smith told me that “the latest wave of mobile SMS scams is a stark reminder that mobile devices and apps are uniquely vulnerable — and often under protected — against attackers," while the new reports “show the continued investment by cybercriminals in targeting mobile users.”

Each dangerous text includes a lure — the unpaid toll for example — and a link. The text will pretend to come from a brand or government agency and the link will be crafted to match the lure, likely a long URL with the right keywords contained within.

Even if the text itself seems plausible, the link is a telltale red flag. It will usually use a top level domain (TLD) from outside the U.S., and it will not match the core domain you would associate with the brand or agency.

To get around that problem, attackers are using dashes to trick users into thinking this is a legitimate link using that core domain. And the most dangerous dash follows a “.com”. That makes you think it links the normal .com domain to a subdomain, but that’s not the case. It’s a ruse to hide a full legitimate domain within a malicious link.

This trick is flying. The latest quarterly report from Spamhaus lists the top-20 phishing terms included in malicious links, warning that “com-track” is a new entry that has gone straight to number one on its list. This would allow an attacker to copy delivery or ecom brand followed by its usual .com, but with an added “-track” after the legitimate URL.

If you ever see “com-track” in a link, delete the text immediately per the FBI’s advice. It’s a scam. Similarly, “com-toll” is another new entry on the list and you can expect more of the same to be added quickly as these others take hold.

The other telltale warning sign is a Chinese TLD — albeit you won’t realize it’s Chinese from the TLD itself. Look out for “.TOP” in particular as that’s the TLD favored by cybercriminals and again is cause on its own for you to delete a text.

According to the Anti-Phishing Working Group (APWG), a Chinese top level domain is “one way to spot these scam messages.” Look for “lesser-known TLDs such as .TOP, .CYOU, and .XIN.” The .TOP domain in particular "has a notable history of being used by phishers.” APWG says “ICANN issued a breach letter to .TOP Registry in July 2024, citing .TOP’s failures to comply with abuse reporting and mitigation requirements, and as of March 2025 the case is still listed as unresolved on ICANN’s Web site.”

Unsurprisingly, the problem is quickly getting worse. America’s Federal Trade Commission (FTC) has just reported that new data “shows that in 2024, consumers reported losing $470 million to scams that started with text messages.” And while “the most commonly reported type of text scam was fake package delivery,” others included “fake ‘fraud alert’ messages sent to consumers warning about a suspicious purchase or an issue with their bank; warnings about fake unpaid tolls with a link to pay them; and ‘wrong number’ scams that start as a seemingly misdirected message.”

According to Silent Push, one Chinese phishing gang alone, Smishing Triad, “generated over one million page visits within a period of only 20 days, averaging 50,000 per day. Based on this data, we believe the actual number of messages sent may be significantly higher than the current public estimates of 100,000 SMS messages sent per day.”

An alarming new report from Trend Micro warns that “March saw a massive 247% increase in scam texts… With the adoption of AI, scammers are constantly shifting their tactics to stay ahead, and it shows, with more consumers falling into a false sense of security – making it easy for cyber criminals to strike.”

Building on the tracking lure per those top phishing terms, Trend Micro reports that “the newest edition to our list is Chinese clothing manufacturer Shein. Scammers have recently been posing as Shein with fake delivery updates, attempting to catch unsuspecting shoppers out. These texts have been seen to include links to phishing sites that steal personal or payment details. It can be difficult to navigate Shein texts as the company does send its customers updates via SMS. If you haven’t ordered recently or have found a message that feels off, it’s best to delete it — Shein won’t text you out of the blue with suspicious links.” The same is true for almost all blue chip retailers.

March is not a one off — just a quickly accelerating theme. According to the research team, “SMS scams [in February] increased by 73% compared to January… Prize, lottery, and survey scams continue to be the most common, consistently deceiving consumers with fraudulent offers. This type of scam remains popular among cyber criminals due to its effectiveness in luring unsuspecting victims. In total, these scams accounted for nearly half of all the fraudulent messages sent in February.”

But while many SMS attacks follow these traditional lures, crypto has also become an increasing focus just as we see in all other areas of cyber. “Cryptocurrency exchanges are now a frequent victim of impersonation attacks… The messages may claim that there is unusual activity on the account, urgent verification is needed, or withdrawal pending. The purpose of these scams is to cause panic, prompt users to click on spoofed links, and convince them to reveal login credentials or one-time passwords. These scams are particularly dangerous in that they are targeting users on their phones directly, bypassing normal email spam filters.”

Even the new trade war and tariff battle has become a theme for such attacks. According to BforeAI, “cybercriminals have launched a wave of scam and hate campaigns leveraging the ripple effects of tariff interest and coverage. A significant surge totaling 301 domain registrations was seen in the first three months of 2025. Surprisingly, only one typosquat, ‘tarrif’, was identified, indicating the cybercriminals’ preference in taking a more direct approach to support the scams.”

Don’t take any risks. Don’t click links in texts. These scams have been industrialized and are fast becoming the most likely way you’ll be defrauded.
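The two link tells described in the article above (a "com-" label placed right after a brand name, and the .TOP, .CYOU and .XIN TLDs) can be checked mechanically. This is an added example, not part of the original post or the Forbes article; the function names and sample links are constructed, and treating the last two hostname labels as the registered domain is a simplifying assumption (a real filter would use the Public Suffix List).

```python
from urllib.parse import urlsplit

# TLDs named in the APWG quote on this page.
FLAGGED_TLDS = {"top", "cyou", "xin"}


def hostname_of(link: str) -> str:
    """Lowercase hostname of a link; links in texts often omit the scheme."""
    if "://" not in link:
        link = "//" + link  # lets urlsplit treat the first part as the host
    return (urlsplit(link).hostname or "").rstrip(".")


def analyze_link(link: str) -> dict:
    """Report which of the page's two tells appear in the link's hostname."""
    host = hostname_of(link)
    labels = host.split(".") if host else []
    findings = []
    # Assumption: the last two labels form the registered domain.
    registered = ".".join(labels[-2:])
    if labels and labels[-1] in FLAGGED_TLDS:
        findings.append(f"flagged TLD .{labels[-1]}")
    apparent = None
    for i, label in enumerate(labels):
        # "com-track", "com-toll" and similar: a hostname label that only
        # looks like the end of a .com domain followed by a path.
        if label.startswith("com-"):
            if i > 0:
                apparent = labels[i - 1] + ".com"
            findings.append(f"label '{label}' imitates a .com domain")
            break
    return {"host": host, "registered_domain": registered,
            "apparent_domain": apparent, "findings": findings}


if __name__ == "__main__":
    # Constructed sample links, not taken from real messages.
    for sample in ("https://brand.com-track.top/pkg?id=1",
                   "paytoll.com-toll.xin/bill",
                   "https://www.example.com/com-track"):
        result = analyze_link(sample)
        print(sample, "->", result["registered_domain"], result["findings"])
```

The third sample has "com-track" only in the path, so it is not flagged: the check looks at the hostname, which is what decides where the link actually goes.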

1 comment:

  1. This week my android received a text advising I pay overdue toll charges or else.

    The sender was +44 country code. That's the UK but who knows.
    I didn't open it.


I had to change the comment format on this blog due to spammers, I will open it back up again in a bit.