In a concerning development, cybercriminals have registered more than 10,000 domains to facilitate smishing scams across the United States and parts of Canada. Smishing, a blend of “SMS” and “phishing,” involves fraudulent text messages designed to deceive recipients into revealing personal and financial information.
According to a recent report by cybersecurity firm Palo Alto Networks’ Unit 42, these scams impersonate toll collection agencies and package delivery services in at least ten U.S. states, including California, New York, Texas, Virginia, Pennsylvania, Florida, Massachusetts, New Jersey, Illinois, and Kansas, as well as the Canadian province of Ontario. The fraudulent messages typically inform recipients of unpaid tolls or pending deliveries, urging them to click on malicious links to resolve the issue.
The Federal Bureau of Investigation (FBI) has issued a nationwide warning about this surge in smishing attacks. The agency emphasizes that legitimate toll and delivery services do not solicit payments or personal information via unsolicited text messages. Recipients are advised to delete any suspicious messages immediately and refrain from clicking on any links or providing personal information.
Cybersecurity experts note that these scams have evolved to bypass security measures. For instance, some fraudulent texts instruct iPhone users to reply with a ‘Y’ to display the malicious link, circumventing Apple’s security features that block unknown links.
Authorities recommend that individuals who receive such messages report them to the appropriate agencies and avoid interacting with the content. Vigilance and caution are crucial in protecting personal and financial information from these sophisticated smishing scams.
Sources:
