What is ‘Smishing’? The FBI Wants You to Know About This Latest Scam
Imagine it’s the weekend, and you’re sitting comfortably with your phone in hand, watching the latest TikTok videos or sending the funniest memes to your friends when you receive a message saying you have unpaid road tolls. You start panicking and almost immediately click on the link to pay your fines. Then, you remember you don’t have a car and don’t drive. It dawns on you that this is a scam.
Fortunately, it was easy for you to spot the scam. But what about those who do drive and regularly pass by toll roads? They might think the message is legit, making it very easy for them to click the link and get scammed.
What is Smishing?
According to a PSA from the FBI, “smishing” is “A social engineering attack using fake text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals. ‘Smishing’ combines ‘SMS’—or ‘short message service,’ and ‘phishing.’ ‘Phishing’ generally pertains to attacks on the internet, email, or websites.”
Since March 2024, the FBI Internet Crime Complaint Center (IC3) has received more than 2,000 complaints about smishing from at least three different states. The IC3 has reason to believe that the scam may be moving from state to state.
The message informs the recipient that they have “an outstanding toll amount” on their record and that, to avoid a late fee, they need to settle the balance by clicking on the link provided. The link opens a fake page that impersonates the state’s legitimate toll service.
A cybersecurity company, Palo Alto Networks, explained that the scam was designed to entice recipients to “reveal personal and/or financial information, including credit or debit card and account information,” according to People.
The FTC also warned people that the scam is not only an attempt to “steal your money, but if you click the link, they could get your personal info and even steal your identity.”
How to Tell if the SMS Is a Scam
Forbes reported that the scam seems to be tied to Chinese cybercrime groups. If you receive a similar message, check the link before you click. If the link ends in .xin, as in dhl.com-new[.]xin or thetollroads.com-fastrakeu[.]xin, the message is a scam.
The IC3 also encouraged those who received these messages to file a complaint with them via their website, ic3.gov, and to include in the report the phone number the text came from and the website listed within the text.
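The link check described above, written as a small triage script that also shows why the familiar name at the front of these links is not the domain you would actually visit. This is an added example, not code from the article or the FBI; the two-label registered-domain shortcut and the `FAMILIAR_TLDS` list are assumptions, and the sample message is constructed from a domain the article quotes.

```python
import re

# The only TLD the article names as a scam indicator.
SUSPECT_TLDS = {"xin"}
# Assumption: well-known TLDs that scammers embed to the LEFT of the real one.
FAMILIAR_TLDS = {"com", "org", "net", "gov"}

# Matches hostnames written normally or defanged with "[.]".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,})", re.I)

# Constructed sample message (wording and domain taken from the article).
SAMPLE_SMS = ("You have an outstanding toll amount on your record. To avoid a "
              "late fee, settle your balance at "
              "https://thetollroads.com-fastrakeu[.]xin/pay")


def extract_hosts(sms_text):
    """Return every hostname in the message, with '[.]' restored to '.'."""
    return [m.group(1).replace("[.]", ".").lower()
            for m in HOST_RE.finditer(sms_text)]


def analyze_host(host):
    """Report the registered domain and the reasons a host looks suspicious."""
    labels = host.split(".")
    # Simplification: the last two labels are the registered domain. This holds
    # for .xin and .com but not for multi-part suffixes such as .co.uk.
    registered = ".".join(labels[-2:])
    reasons = []
    if labels[-1] in SUSPECT_TLDS:
        reasons.append("suspect_tld")
    # In "thetollroads.com-fastrakeu.xin" the label before the TLD is
    # "com-fastrakeu": "thetollroads" is only a subdomain of "com-fastrakeu.xin".
    second = labels[-2] if len(labels) >= 2 else ""
    if len(labels) >= 3 and "-" in second and second.split("-")[0] in FAMILIAR_TLDS:
        reasons.append("embedded_lookalike")
    return {"host": host, "registered_domain": registered, "reasons": reasons}


def triage(sms_text):
    """Analyze each link in a message; keep only the ones with a finding."""
    results = [analyze_host(h) for h in extract_hosts(sms_text)]
    return [r for r in results if r["reasons"]]


if __name__ == "__main__":
    for finding in triage(SAMPLE_SMS):
        print(finding)
```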