Americans Warned About Rising Scam Texts Linked to Chinese Cybercriminals
In recent months, the Federal Bureau of Investigation (FBI) and other federal agencies have issued urgent warnings to Americans about a surge in scam text messages targeting individuals across the United States. These messages, often posing as notifications about unpaid tolls, are part of a sophisticated phishing campaign designed to steal personal information and money. The FBI first alerted the public to this threat in April, emphasizing that these messages—known as “smishing” attacks, a combination of SMS (text messaging) and phishing—should be deleted immediately. As of April, the FBI had received over 2,000 complaints about these fraudulent texts, with reports indicating that the scam was spreading rapidly from state to state. The Federal Trade Commission (FTC) later echoed this warning, advising individuals not to click on suspicious links or respond to unexpected texts, as scammers aim to exploit quick reactions to gain access to sensitive data.
The scam has since been reported in numerous states, including Massachusetts, California, North Carolina, South Carolina, Illinois, Colorado, Florida, and others. Even residents of states without toll roads, such as Montana, have been targeted, prompting local governments to issue their own warnings. For instance, the city of Great Falls, Montana, alerted its 60,000 residents about the fake toll notices, stressing that the messages were not affiliated with local authorities. Similarly, the Massachusetts Department of Transportation reassured citizens that EZDriveMA, the state’s toll collection system, would never request payment via text message. Such warnings highlight the widespread nature of the threat and the urgency with which it must be addressed.
Local and Federal Agencies Unite to Combat the Scam
The response to these scam texts has been swift and collaborative, involving federal agencies, state governments, and local authorities. The Oklahoma Turnpike Authority (OTA), for example, recently warned its residents about the scam, advising them to be vigilant when receiving unsolicited messages. Lisa Shearer-Salim, OTA’s communications manager, explained that red flags often include incorrect names or URLs in the messages, which should immediately raise suspicions. She urged recipients to report such messages as spam and avoid clicking on any links. Similarly, rental car company Hertz noted that 18 states, including Arizona, Idaho, and Wisconsin, do not have toll roads, making the scam particularly absurd for residents of those areas. This absurdity has not gone unnoticed, as many recipients have taken to social media to share screenshots of the bizarrely worded texts they’ve received, with some even pointing out the humor in being targeted despite not owning a vehicle or living near toll roads.
Social Media Users Share Their Experiences
The proliferation of these scam texts has sparked a wave of reactions on social media platforms like X (formerly Twitter), where dozens of users have shared their encounters with the fraudulent messages. Some have expressed amusement at the scammers’ tactics, such as the use of handshake emojis in the middle of demands for payment. Others have pointed out the obvious flaws in the messages, such as the fact that they do not live in areas with toll roads. One individual humorously noted that the scam was particularly laughable because they don’t even drive. These shared experiences not only raise awareness about the scam but also highlight the importance of staying vigilant and skeptical when encountering unsolicited messages.
Cybersecurity Experts Point to Possible Chinese Involvement
While the exact origin of these scam texts remains unclear, cybersecurity experts have begun to shed light on the potential sources of the campaign. Chris Krebs, a renowned cybersecurity expert who previously served in the Trump administration, has suggested that Chinese cybercriminals may be behind at least some of the messages. In a recent blog post, Krebs cited research by Ford Merrill of SecAlliance, a cybersecurity firm that protects the computer systems of banks, government agencies, and infrastructure operators. According to Merrill, the volume of SMS phishing attacks impersonating toll road operators skyrocketed after the New Year, coinciding with the activities of a known Chinese cybercriminal group. This group, infamous for selling sophisticated SMS phishing kits, began offering new templates designed to spoof toll operators in various U.S. states. Merrill further revealed that multiple China-based cybercriminals are selling distinct phishing kits, each catering to hundreds or thousands of customers. The ultimate goal of these kits is to gather enough information from victims to add their payment cards to mobile wallets, which hackers can then use to make unauthorized purchases or launder money through shell companies.
How to Protect Yourself from These Scams
Given the sophistication and prevalence of these smishing attacks, it is crucial for individuals to take proactive steps to protect themselves. The FBI has advised Americans to verify any claims of unpaid tolls independently by visiting the official website of their toll service provider or contacting its customer service directly. Under no circumstances should individuals click on links or respond to unsolicited text messages, as doing so could lead to the theft of their personal and financial information. Additionally, consumers are encouraged to report suspicious messages as spam and delete them immediately to avoid accidental interactions. By staying informed and exercising caution, Americans can significantly reduce their risk of falling victim to these scams.
In conclusion, the rise of scam text messages impersonating toll authorities represents a growing threat to personal security in the digital age. With federal and local agencies issuing warnings, social media users sharing their experiences, and cybersecurity experts uncovering potential links to international criminal groups, the issue has come into sharp focus. By understanding the nature of these attacks and taking simple precautions, individuals can safeguard themselves against this insidious form of phishing. As the scam continues to evolve, vigilance and education remain the best defenses against falling prey to these malicious actors.
