Latest news with #textattacks
Forbes
3 days ago
- General
- Forbes
If You Get This Message On Your Phone It's An Attack
Delete these texts immediately Republished on May 28 with new warnings from Google and others as these attacks continue to surge across America. And still they come. Despite multiple warnings from the FBI and police forces across the United States, iPhone and Android owners are still falling victim to attacks daily — with their money, their data, even their identities being stolen. While Trump and Xi continue their game of tariff chicken, China's organized crime groups such as Smishing Triad and Panda Shop have quietly industrialized text message attacks, which have now reached almost every city and state in the U.S. It started with undelivered packages, but it's unpaid tolls that have really hit the big time. It's hard to imagine any American phone users can't have seen at least some of the FBI, police and DMV warnings that have been making weekly headlines for months. But users are still falling victim — the scam still works and it still works at scale. 'I got this message earlier today,' one Redditor posted. 'I have never received any text messages from DMV before nor do I owe any outstanding tickets. This is super fishy. Have anyone received anything like this before?' The latest warnings in recent days come from New York, Florida, California and the FCC, which told drivers 'toll operators typically don't use text messages to collect on overdue accounts, and do not use threatening language to rush customers into action.' That's an understatement. If you get an unpaid toll text, you should assume it's an attack. Every time. If you have concerns you may owe a toll, contact the operator using its usual, publicly available channels. Then do as the FBI says and delete the text. And you should get used to these attacks. They're not stopping. The next wave is expected to move from tolls to banking, with texts pretending to be from financial institutions instead of toll operators or delivery services. Resecurity warns 'the actors behind smishing campaigns are tightly connected with those involved in merchant fraud and money laundering activity. Smishing is one of the main catalysts behind carding activities, providing cybercriminals with substantial volumes of compromised data collected from victims.' Resecurity warns just one threat actor can send "up to 2,000,000 smishing messages daily,' which means targeting 'up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the U.S. at least twice every year.' The hope now is that these warnings are being amplified loudly enough for all U.S. citizens to be alert to unpaid toll texts. The Michigan Department of Transportation has even taken to warning of toll scams using the electronic traffic signs along its highways. And it's not ambiguous: 'Be aware,' it warns, 'toll texts are scams.' Louisiana's Office of Motor Vehicles has just warned its drivers in equally blunt terms: 'The @LouisianaOMV does not send text messages or emails threatening to suspend your vehicle registration or driving privileges. If you receive such a message: Do NOT click links; Do NOT respond; Delete the message; Report the scam.' In a new advisory, Google warns this is 'a global threat, we've observed that attackers will 'follow the sun', first sending scam messages mimicking toll roads in Europe, then in the East Coast of the U.S., then in the West Coast, and onwards over the course of a day. These messages aren't always the most realistic — our teams have seen cases where users are spammed with toll road fees in states that don't operate toll roads.' While there are telltale signs — such as Chinese top level domains such as .TOP or .XIN in links or the subtle use of a 'com-' to mimic a real .COM domain, staying safe is simpler. Assume any undelivered package, unpaid toll, compromised password, suspended account or similar is a scam. Never reply. Never engage. Always delete.
Forbes
5 days ago
- Business
- Forbes
If You Get This Message On Your Phone It's Always An Attack
Delete these texts immediately getty And still they come. Despite multiple warnings from the FBI and police forces across the United States, iPhone and Android owners are still falling victim to attacks daily — with their money, their data, even their identities being stolen. While Trump and Xi continue their game of tariff chicken, China's organized crime groups such as Smishing Triad and Panda Shop have quietly industrialized text message attacks, which have now reached almost every city and state in the U.S. It started with undelivered packages, but it's unpaid tolls that have really hit the big time. It's hard to imagine any American phone users can't have seen at least some of the FBI, police and DMV warnings that have been making weekly headlines for months. But users are still falling victim — the scam still works and it still works at scale. The latest warnings in recent days come from New York, Florida, California and the FCC, which told drivers 'toll operators typically don't use text messages to collect on overdue accounts, and do not use threatening language to rush customers into action.' That's an understatement. If you get an unpaid toll text, you should assume it's an attack. Every time. If you have concerns you may owe a toll, contact the operator using its usual, publicly available channels. Then do as the FBI says and delete the text. And you should get used to these attacks. They're not stopping. The next wave is expected to move from tolls to banking, with texts pretending to be from financial institutions instead of toll operators or delivery services. And it won't be SMS — it's more likely to be RCS and iMessage, with better media and copy, as AI makes messages more realistic and attacks harder to detect. These Chinese OCGs see themselves as untouchable, beyond the reach of U.S. law enforcement. Resecurity warns just one threat actor can send "up to 2,000,000 smishing messages daily,' which means targeting 'up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the U.S. at least twice every year.' While there are telltale signs — such as Chinese top level domains such as .TOP or .XIN in links or the subtle use of a 'com-' to mimic a real .COM domain, staying safe is simpler. Assume any undelivered package, unpaid toll, compromised password, suspended account or similar is a scam. Never reply. Never engage. Always delete.
