Latest news with #SmishingTriad


Forbes
3 days ago
- General
- Forbes
If You Get This Message On Your Phone It's An Attack
Republished on May 28 with new warnings from Google and others as these attacks continue to surge across America. And still they come. Despite multiple warnings from the FBI and police forces across the United States, iPhone and Android owners are still falling victim to attacks daily — with their money, their data, even their identities being stolen. While Trump and Xi continue their game of tariff chicken, China's organized crime groups such as Smishing Triad and Panda Shop have quietly industrialized text message attacks, which have now reached almost every city and state in the U.S. It started with undelivered packages, but it's unpaid tolls that have really hit the big time. It's hard to imagine any American phone users can't have seen at least some of the FBI, police and DMV warnings that have been making weekly headlines for months. But users are still falling victim — the scam still works and it still works at scale. 'I got this message earlier today,' one Redditor posted. 'I have never received any text messages from DMV before nor do I owe any outstanding tickets. This is super fishy. Has anyone received anything like this before?' The latest warnings in recent days come from New York, Florida, California and the FCC, which told drivers 'toll operators typically don't use text messages to collect on overdue accounts, and do not use threatening language to rush customers into action.' That's an understatement. If you get an unpaid toll text, you should assume it's an attack. Every time. If you have concerns you may owe a toll, contact the operator using its usual, publicly available channels. Then do as the FBI says and delete the text. And you should get used to these attacks. They're not stopping. The next wave is expected to move from tolls to banking, with texts pretending to be from financial institutions instead of toll operators or delivery services.
Resecurity warns 'the actors behind smishing campaigns are tightly connected with those involved in merchant fraud and money laundering activity. Smishing is one of the main catalysts behind carding activities, providing cybercriminals with substantial volumes of compromised data collected from victims.' Resecurity warns just one threat actor can send 'up to 2,000,000 smishing messages daily,' which means targeting 'up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the U.S. at least twice every year.' The hope now is that these warnings are being amplified loudly enough for all U.S. citizens to be alert to unpaid toll texts. The Michigan Department of Transportation has even taken to warning of toll scams using the electronic traffic signs along its highways. And it's not ambiguous: 'Be aware,' it warns, 'toll texts are scams.' Louisiana's Office of Motor Vehicles has just warned its drivers in equally blunt terms: 'The @LouisianaOMV does not send text messages or emails threatening to suspend your vehicle registration or driving privileges. If you receive such a message: Do NOT click links; Do NOT respond; Delete the message; Report the scam.' In a new advisory, Google warns this is 'a global threat, we've observed that attackers will 'follow the sun', first sending scam messages mimicking toll roads in Europe, then in the East Coast of the U.S., then in the West Coast, and onwards over the course of a day. These messages aren't always the most realistic — our teams have seen cases where users are spammed with toll road fees in states that don't operate toll roads.' While there are telltale signs — including Chinese top level domains such as .TOP or .XIN in links or the subtle use of a 'com-' to mimic a real .COM domain, staying safe is simpler. Assume any undelivered package, unpaid toll, compromised password, suspended account or similar is a scam. Never reply. Never engage. Always delete.


Forbes
5 days ago
- Business
- Forbes
If You Get This Message On Your Phone It's Always An Attack
And still they come. Despite multiple warnings from the FBI and police forces across the United States, iPhone and Android owners are still falling victim to attacks daily — with their money, their data, even their identities being stolen. While Trump and Xi continue their game of tariff chicken, China's organized crime groups such as Smishing Triad and Panda Shop have quietly industrialized text message attacks, which have now reached almost every city and state in the U.S. It started with undelivered packages, but it's unpaid tolls that have really hit the big time. It's hard to imagine any American phone users can't have seen at least some of the FBI, police and DMV warnings that have been making weekly headlines for months. But users are still falling victim — the scam still works and it still works at scale. The latest warnings in recent days come from New York, Florida, California and the FCC, which told drivers 'toll operators typically don't use text messages to collect on overdue accounts, and do not use threatening language to rush customers into action.' That's an understatement. If you get an unpaid toll text, you should assume it's an attack. Every time. If you have concerns you may owe a toll, contact the operator using its usual, publicly available channels. Then do as the FBI says and delete the text. And you should get used to these attacks. They're not stopping. The next wave is expected to move from tolls to banking, with texts pretending to be from financial institutions instead of toll operators or delivery services. And it won't be SMS — it's more likely to be RCS and iMessage, with better media and copy, as AI makes messages more realistic and attacks harder to detect. These Chinese OCGs see themselves as untouchable, beyond the reach of U.S. law enforcement.
Resecurity warns just one threat actor can send 'up to 2,000,000 smishing messages daily,' which means targeting 'up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the U.S. at least twice every year.' While there are telltale signs — including Chinese top level domains such as .TOP or .XIN in links or the subtle use of a 'com-' to mimic a real .COM domain, staying safe is simpler. Assume any undelivered package, unpaid toll, compromised password, suspended account or similar is a scam. Never reply. Never engage. Always delete.


Forbes
17-04-2025
- Business
- Forbes
FBI Warning—Stop Before Opening Texts On Your iPhone, Android Phone
American iPhone and Android users are being hit with a deluge of dangerous texts as organized Chinese gangs target states and cities across the country. And those attacks are now surging. The FBI warns users to delete all such texts received, and to 'stop' before responding or engaging with any unexpected messages. 'Scammers often create a sense of urgency to rush you into acting quickly,' a frighteningly effective tactic. On Wednesday, the Federal Trade Commission reported that last year saw a 500% increase in annual losses to text scams over 2020. 'Consumers reported losing $470 million to scams that started with text messages,' it said. The report highlights package deliveries, fake job offers, banking fraud alerts and unpaid tolls as the key messages to watch out for. But the lure can be anything. Messages will hide behind a brand or agency and will include a link to a website that will phish for credentials or take a fraudulent payment. These smishing attacks are supported by kits that are sold, rented or operated by Chinese cybercriminals. The links themselves are often a telltale sign that the text is a scam, using non-U.S. domains with an extended link including multiple misleading keywords. You can read more about those links here, including the new ruse that disguises a malicious link as the genuine '.com' address for the brand or agency being mimicked. New research last week highlighted the scale of some of the Chinese networks — such as Smishing Triad — behind the scams, and warns that the unpaid toll plague is just the beginning. The next wave of attacks is expected to copy major financial and banking brands, tricking users into giving up their credentials or moving their money.
SlashNext's J Stephen Kowski told me the Chinese gangs 'have evolved from targeting toll road and shipping customers to directly attacking international financial institutions, using sophisticated smishing techniques that bypass traditional security measures. These attackers are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google.' The FBI confirmed its smishing advice last month for all smartphone users: check your accounts using usual, legitimate websites or contact providers by phone, delete all texts received, and check your accounts and change your passwords if you've provided data. According to Zimperium's Kern Smith, 'the latest wave of mobile SMS scams is a stark reminder that mobile devices and apps are uniquely vulnerable — and often under protected — against attackers,' while the new reports 'show the continued investment by cybercriminals in targeting mobile users.'


Forbes
16-04-2025
- Forbes
Delete All Texts On Your Phone If You See These 2 Words
iPhone and Android users across the U.S. and elsewhere are now under attack from organized networks of Chinese criminals. These attacks come at you by text, and while they may seem trivial — a few dollars for an undelivered package or unpaid toll, they will steal your credit card details, your passwords and even your identity. New research into one such gang — Smishing Triad — warns that there has been a 'massive fraud campaign expansion' since the beginning of 2025, using more than 60,000 different web domains, 'making it difficult for platforms like Apple and Android to block fraudulent activity effectively.' This is why you will have seen so many news articles on the spate of toll fraud sweeping across America. Zimperium's Kern Smith told me that 'the latest wave of mobile SMS scams is a stark reminder that mobile devices and apps are uniquely vulnerable — and often under protected — against attackers,' while the new reports 'show the continued investment by cybercriminals in targeting mobile users.' Each dangerous text includes a lure — the unpaid toll for example — and a link. The text will pretend to come from a brand or government agency and the link will be crafted to match the lure, likely a long URL with the right keywords contained within. Even if the text itself seems plausible, the link is a telltale red flag. It will usually use a top level domain (TLD) from outside the U.S., and it will not match the core domain you would associate with the brand or agency. To get around that problem, attackers are using dashes to trick users into thinking this is a legitimate link using that core domain. And the most dangerous dash follows a '.com'. That makes you think it links the normal .com domain to a subdomain, but that's not the case. It's a ruse to hide a full legitimate domain within a malicious link. This trick is flying.
The latest quarterly report from Spamhaus lists the top-20 phishing terms included in malicious links, warning that 'com-track' is a new entry that has gone straight to number one on its list. This would allow an attacker to copy a delivery or e-commerce brand followed by its usual .com, but with an added '-track' after the legitimate URL. If you ever see 'com-track' in a link, delete the text immediately per the FBI's advice. It's a scam. Similarly, 'com-toll' is another new entry on the list and you can expect more of the same to be added quickly as these others take hold. The other telltale warning sign is a Chinese TLD — albeit you won't realize it's Chinese from the TLD itself. Look out for '.Top' in particular as that's the TLD favored by cybercriminals and again is cause on its own for you to delete a text. Don't take any risks. Don't click links in texts. These scams have been industrialized and are fast becoming the most likely way you'll be defrauded.
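The two link red flags described above (a '.top' or '.xin' TLD, and a hostname label that only begins with 'com-') can be checked mechanically. The following is an added example, not code from Forbes, Spamhaus or the FBI; the function names are hypothetical and the sample messages and hostnames are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# TLDs the articles name as favoured in these campaigns.
SUSPECT_TLDS = {"top", "xin"}
# Links in texts often lack a scheme, so "https://" is optional here.
URL_RE = re.compile(
    r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[/?#]\S*)?", re.IGNORECASE
)

def link_indicators(url):
    """Return the red flags found in one link's hostname."""
    if "://" not in url:
        url = "//" + url  # lets urlsplit treat the text as a network location
    host = (urlsplit(url).hostname or "").rstrip(".").lower()
    labels = host.split(".") if host else []
    flags = []
    if labels and labels[-1] in SUSPECT_TLDS:
        flags.append("suspect-tld:." + labels[-1])
    # In 'brand.com-track-x.top' the second label merely starts with 'com-':
    # the domain actually resolved is 'com-track-x.top', and 'brand' is
    # just a subdomain chosen by whoever registered it.
    for i, label in enumerate(labels):
        if i > 0 and label.startswith("com-"):
            flags.append("com-dash:" + label)
    return flags

def scan_message(text):
    """Map each link in a message body to its red flags (empty list = none)."""
    return {m.group(0): link_indicators(m.group(0)) for m in URL_RE.finditer(text)}

# Constructed sample messages; the hostnames are made up for this example.
SAMPLES = [
    "Your parcel is on hold. Update address: "
    "https://examplepost.com-track-sample0.top/pkg?id=1",
    "Unpaid toll of $4.15. Pay now at exampletoll.com-toll-sample0.xin.",
    "Your statement is ready at https://www.exampletoll.com/account",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(scan_message(sms))
```

An empty result only means neither of these two indicators was present; it does not make a link safe.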


Forbes
11-04-2025
- Business
- Forbes
FBI Warning As U.S. iPhone, Android Users At Risk From New Chinese Attacks
The latest FBI unpaid toll scam warnings in Las Vegas and Phoenix will leave millions of Americans asking why there appears to be no solution to these malicious texts. The bureau first warned about this smishing attack almost exactly a year ago, and yet the plague of malicious messages is now spiralling out of control with no signs of stopping. Resecurity has just warned that the toll payment scam is undergoing a 'massive fraud campaign expansion,' and that 'the campaign has utilized over 60,000 domain names, making it difficult for platforms like Apple and Android to block fraudulent activity effectively.' A 'significant spike' in Q1 has seen 'millions of consumers targeted.' 'These attacks,' says Black Duck's Thomas Richards, 'are very complex and show deep technical capabilities at such scale. While attackers abuse encrypted communications to evade eavesdropping by the carriers, it should still set off alerts within the networks when a single phone number sends thousands of text messages to users outside their geographic area when they aren't a registered short code or business.' As I've reported before, this is not a nuisance scam chasing you for a few dollars. It is organized crime, a concerted attack that leverages a complex and extensive ecosystem built and operated out of China. The attackers don't want your $4 or $5. They want to steal your credentials, your credit card details and maybe even your identity. And according to SlashNext's J Stephen Kowski, the Chinese gangs 'have evolved from targeting toll road and shipping customers to directly attacking international financial institutions, using sophisticated smishing techniques that bypass traditional security measures. These attackers are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google.' The Smishing Triad group behind these attacks made its name pushing undelivered package messages through compromised iMessage accounts.
But it's now much wider. And it's ongoing. In a new report, Talos warns that 'as of March 2025, [we are] still seeing new domains registered by the threat actors for the toll road scams.' And it shares details on the channels — mainly Telegram — used to sell these phishing kits. In another new report this week, the threat hunters at Silent Push say they have 'determined that portions of [Smishing Triad's] infrastructure generated over one million page visits within a period of only 20 days, averaging 50,000 per day. Based on this data, we believe the actual number of messages sent may be significantly higher than the current public estimates of 100,000 SMS messages sent per day.' Three weeks ago, the threat actors behind Smishing Triad started sharing a new 'Lighthouse' phishing kit aimed at banks and financial institutions. This is an industrialized attack. 'Smishing Triad boasts it has '300+ front desk staff worldwide' supporting the Lighthouse kit,' as it 'sells its phishing kits to other threat actors.' Threat Stop warns that 'we've long known that the group referred to as Smishing Triad has been operating on a massive scale, rotating thousands of malicious domains and spoofing major brands worldwide.' This is true, but Silent Push's findings, that this now targets users in more than 120 countries and operates 'tens of thousands of domains,' have frightening implications for the scale of what comes next. A kit that targets your bank rather than a toll operator can do much more immediate damage to your finances. As this threat is mapped, with details on the thousands of domains and hundreds of IP addresses, it will raise questions as to how best to cut this down. What it has done is highlight the weakness in the openness of SMS/RCS/iMessage, which are open in a way that other messaging platforms are not — albeit they're hit with smishing to a lesser extent.
Zimperium's Kern Smith told me that 'the latest wave of mobile SMS scams is a stark reminder that mobile devices and apps are uniquely vulnerable — and often under protected — against attackers,' while the new reports 'show the continued investment by cybercriminals in targeting mobile users.' The FBI's warning is clear, whether a malicious text relates to road tolls, packages, banking transactions or anything else. Report the text and the number that sent it to and then delete it from your phone.