Chinese Phishing Scams Targeting US Drivers with Fake Toll Texts

Listen to this Post

A Growing Cybersecurity Threat

Chinese cybercriminals are ramping up phishing attacks on US residents by sending fraudulent text messages that impersonate toll road operators. These “smishing” (SMS phishing) scams target both iPhone and Android users, tricking them into clicking malicious links under the guise of unpaid toll charges. The FBI has issued warnings urging users to delete these messages immediately and avoid engaging with the links.

Cybersecurity experts warn that the scale of this attack is unprecedented. The Anti-Phishing Working Group (APWG) has reported that these fraudulent texts are being sent on a massive scale, often masquerading as messages from well-known US toll services, such as E-ZPass. These phishing campaigns also include fake package delivery notifications and other deceptive messages, making them an infrastructural attack on mobile devices.

The FBI’s Warning

The FBI provided a statement to Forbes, explaining that the scam messages claim recipients owe money for unpaid tolls. These texts use nearly identical wording across different states, with links designed to mimic official state toll service websites. Additionally, attackers frequently change the phone numbers used to send the messages, making them harder to track.

To carry out these scams, cybercriminals reportedly register tens of thousands of fraudulent domains to impersonate legitimate toll agencies. These domains often use Chinese-based top-level domains (TLDs) such as .TOP, .CYOU, and .XIN—with .TOP being particularly notorious for fraudulent activity and currently under investigation by ICANN.

How These Attacks Work

  1. Random Targeting – Attackers send mass text messages to random US phone numbers, regardless of whether recipients actually use toll roads.
  2. Fake Links – The messages contain links that redirect users to phishing sites that appear identical to real toll payment pages.
  3. Credential Theft – If users enter their personal or financial details, scammers steal this information for fraudulent transactions.
  4. Dynamic Evasion – Attackers constantly change domains and sender IDs to bypass spam filters and detection systems.

Preventing and Reporting Phishing Attempts

Despite security measures built into SMS and RCS messaging, scammers continue to adapt their tactics. To protect themselves, users are advised to:

  • Avoid clicking on unknown links in text messages claiming to be from toll services.
  • Verify toll charges by visiting official toll road websites directly rather than using links from messages.
  • Report phishing attempts to help authorities improve spam-blocking measures.
  • Change passwords immediately if they have clicked on a suspicious link and entered personal information.

What Undercode Says:

This wave of phishing scams represents a strategic shift in cybercriminal operations, targeting an everyday service that millions of Americans rely on—toll roads. Several key observations emerge from this attack:

1. Exploitation of Critical Infrastructure

  • Instead of targeting financial institutions or traditional online services, hackers are focusing on infrastructure that people rarely suspect as a cyber threat. This makes their messages appear more legitimate.

2. Sophisticated Phishing Kits

  • The use of advanced phishing kits from China suggests a well-coordinated effort. These kits automate the creation of fraudulent websites and texts, allowing scammers to scale operations quickly.

3. Chinese Domains and Cybercrime Trends

  • The involvement of Chinese TLDs (.TOP, .CYOU, .XIN) highlights a broader trend of cybercriminals leveraging lesser-regulated domain registrars. .TOP domains, in particular, have a notorious reputation and are frequently flagged in phishing investigations.

4. Evasion Tactics are Advancing

  • The rapid rotation of fake domains and sender numbers makes it difficult for telecom companies and government agencies to block these scams. This points to the need for enhanced AI-driven threat detection in SMS filtering.

5. The Future of Mobile-Based Attacks

  • Mobile phishing (or “smishing”) attacks are increasing, as SMS remains a weak link in cybersecurity. Unlike email, which has strong spam filters, SMS filtering is still relatively easy for attackers to bypass.

6. Government and Industry Response

– The

– Tighter regulations on domain registration.

– AI-powered detection of phishing links.

  • Stronger collaboration between telecom companies and cybersecurity firms.

7. User Vigilance is Key

  • At the individual level, users must be more skeptical of text messages requesting payments.
  • Simple actions—such as checking URLs carefully, not clicking on unsolicited links, and reporting suspicious messages—can significantly reduce the success rate of these scams.

Fact Checker Results

  1. Chinese-based phishing attacks are increasing, with US agencies confirming a rise in SMS scams linked to fraudulent toll road messages.
  2. The use of Chinese TLDs (.TOP, .CYOU, .XIN) in phishing campaigns has been widely documented, and the .TOP domain has a history of abuse.
  3. The FBI has actively warned against these scams, advising Americans to ignore suspicious toll-related texts and report them immediately.

References:

Reported By: https://timesofindia.indiatimes.com/technology/tech-news/fbi-asks-android-and-iphone-users-in-us-to-delete-these-messages-immediately/articleshow/119312088.cms
Extra Source Hub:
https://www.linkedin.com
Wikipedia
Undercode AI

Image Source:

Pexels
Undercode AI DI v2

Join Our Cyber World:

💬 Whatsapp | 💬 TelegramFeatured Image