This text attack is made in China.
Update: republished on March 22 with a new twist to this Chinese threat and additional advice on what to watch for and how to stay safe.
Stop sending SMS texts, the FBI told Americans in December, while Chinese hackers were marauding through American networks. But there is another text threat that is quickly sweeping America "state to state," and this one is more likely to see your money stolen, maybe even your identity. And it is also made in China.
“Have you received a text suggesting that you may owe unpaid tolls on your vehicle?” the bureau warned again this week. “There is a good chance that it is a fraudster who is trying to get your personal information.” We are talking about smishing texts now targeting iPhone and Android phones across America with fake toll invoices. The FBI tells users to delete these texts immediately, and there are many.
In a new report, the Anti-Phishing Working Group (APWG) paints a dark picture. “Residents of the United States are bombarded with text messages from Chinese phishers, which claim to come from American toll road operators, including the multi-state E-ZPass.” Do not dismiss it as just a toll fraud. The same kits drive package-delivery and other fake messages with the same concept of operations, just different text and links. The kit can be set to any lure. It is an infrastructure attack on our phones, not a single campaign.
The scale of this is now so “astronomical,” suggests one cyber expert, that it would be “alarming to know what the real cost is.” It is certainly more than a scam, it is an attack, says Trend Micro. And it is out of control. According to Robokiller, more than 19 billion spam texts were sent to the United States in February alone.
And do not dismiss it as a trick to steal a few dollars. It is not that at all. “They don’t care about the seven dollars,” said Aidan Holland from Censys, “they want your credit card number.” The FTC has said that it is even worse, that your identity could be stolen.
“The texts,” explains the FBI, “claim that the recipient owes money for unpaid tolls and contain almost identical language. The ‘outstanding toll amount’ is similar. However, the link provided in the text is created to impersonate the name of the state toll service, and telephone numbers seem to change between states.”
The reason these links differ is that the attackers are registering tens of thousands of domains to imitate state and city toll agencies and lure clicks. And the reason the texts all look similar is that they are produced by “an improved phishing kit sold in China, which allows you to send text messages and launch phishing sites that impersonate the operators of toll roads in several American states.”
This is the crux of the APWG warning, which emphasizes that “the telephone numbers to which the phishers send the messages are generally random – they are sometimes sent to people who do not use toll roads at all, or target users in the wrong state. Some text messages are sent from telephone numbers in countries other than China.”
But the top-level domains are almost always Chinese, which is “a way to spot these scam messages.” Look for “lesser-known top-level domains such as .top, .cyou and .xin.” The .top domain in particular “has a notable history of use by phishers.”
This is where it becomes interesting. The APWG says: “The .top registry has long-standing compliance problems. ICANN issued a letter of violation to the .top registry in July 2024, citing the case of.
Chinese texts increase.
It should be easy to stop, right? Phone networks or OS makers can surely block texts with these links or provide new anti-scam measures to prevent them from hitting phones. Wrong. SMS and now RCS are open protocols, and although anti-spam measures are supposed to be in place, they do not work. This should be easy, and it clearly is not.
Norton has issued advice for Americans on staying safe from this deluge of Chinese texts:
- “Unexpected notices – If you don’t remember missing a toll, be skeptical about any sudden violation notice. Legitimate agencies generally send invoices by official mail, not random emails or SMS.
- Urgent or threatening language – Messages that pressure you to pay immediately or threaten fines and legal action are often scams.
- Unusual sender email or website link – Examine the e-mail addresses and URLs carefully. Scammers often use misspelled domain names or additional characters (for example, “Toll-autheority123.com” instead of “Tollauthority.com”).
- Suspicious links or attachments – Never click on links in unsolicited emails or SMS. Hover first to check the URL – if it does not match the website of the official toll agency, it is a scam.
- Personal information requests – Legitimate toll agencies do not ask for sensitive details such as Social Security numbers or full credit card information by e-mail or text message.”
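The two checks described above (the top-level domains the APWG names, and Norton's lookalike-domain test) can be combined into a small triage script. This is an added example, not code from the article, the APWG or Norton; the `KNOWN_GOOD` allowlist, the 0.85 similarity threshold and the sample messages are assumptions made for illustration.

```python
import re
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# TLDs the APWG report singles out in these lures (taken from the article).
FLAGGED_TLDS = {"top", "cyou", "xin"}
# Assumption: the domain(s) you already know belong to your toll agency.
# "tollauthority.com" is the illustrative name used in Norton's advice.
KNOWN_GOOD = {"tollauthority.com"}

URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lowercase hostname of every link found in a message."""
    hosts = []
    for match in URL_RE.finditer(text):
        raw = match.group(0)
        url = raw if "://" in raw else "http://" + raw
        host = urlsplit(url).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def is_lookalike(domain, official):
    """True if the name, minus digits and hyphens, nearly equals the official one."""
    squash = lambda d: re.sub(r"[^a-z]", "", d.rsplit(".", 1)[0])
    return SequenceMatcher(None, squash(domain), squash(official)).ratio() >= 0.85

def triage(text):
    """Return [(host, [reasons])] for each link that deserves suspicion."""
    findings = []
    for host in extract_hosts(text):
        # Simplification: treat the last two labels as the registered domain.
        domain = ".".join(host.split(".")[-2:])
        if domain in KNOWN_GOOD:
            continue
        reasons = ["not-official-domain"]
        if domain.rsplit(".", 1)[-1] in FLAGGED_TLDS:
            reasons.append("flagged-tld")
        if any(is_lookalike(domain, good) for good in KNOWN_GOOD):
            reasons.append("lookalike")
        findings.append((host, reasons))
    return findings

# Constructed sample messages (the hostnames are made up for this example).
SAMPLES = [
    "Final warning: $6.99 toll due by 03/17. Pay now: https://constructed-sample-toll.top/bill",
    "Unpaid toll notice, settle at toll-autheority123.com/pay",
    "Your monthly statement is ready at https://tollauthority.com/account",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms) or "no suspicious links")
```

A flagged TLD is a hint rather than proof, so the allowlist comparison is the stronger signal: any link whose registered domain is not one you already know to be official is reported.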
Scam warning
Trend Micro has an entire section on its website dedicated to toll scams. Jon Clay of the company told CNBC this week that “Apple does nothing about this … Android would add it to its spam list so that you will not get texts from the same number, but the crooks will simply change numbers. Apple has done an excellent job of telling everyone that their phone is secure, and they are not, but not from this type of attack.”
Trend Micro has also warned of a new twist to this scam. “Unlike many other toll scams that target drivers in specific states, this scam is very generic, seeming to come from the ‘Transport Department of the Wind City’. It threatens drivers with a court summons if they do not pay the fees by a certain date.”
This urgency is a typical tactic. The new text reads something like: “Final warning from the City Ministry of Transport: $6.99 due. Must pay before 03/17 to close the case or face a court summons. Retalor now:”
The APWG says that the recipients of these scam texts, of whom there are probably hundreds of thousands, can “help update the alert / blocking mechanisms that protect billions of devices and software customers worldwide” by reporting them to the FBI's IC3.gov or directly at apwg.org/sms.
Meanwhile, the FBI says: “Check your account using the legitimate toll service website, contact the toll service's customer service phone number, [and] delete any smishing texts received.” If you click on the link and provide information, check your accounts and change your passwords even if you have not made a payment.
Again, do not look out only for toll texts. The lure could be anything; it just so happens that these Chinese attacks are exploiting a successful multi-state seam at the moment. Ultimately, they will move on to something else.
For now, this threat continues to grow, so be careful out there.