Wave of Toll spam on the rise … be on the lookout

I started to do what the article here says, report it to the internet crime complaint center. But as I thought about it, I’m the victim of a simple text message stating that I need to pay a toll today. I’ve received several of these through the past month, but yet I’ve lost nothing.

In the article I read today, Brian explains that this is now the new norm in a way, because the criminals realize that the messages about delivery packages may not be working.

The text messages I’ve been getting tell me to go to some domain by saying “Y” for yes and then clicking on the link. The link is there but is not clickable.

Residents across the United States are being inundated with text messages purporting to come from toll road operators like E-ZPass, warning that recipients face fines if a delinquent toll fee remains unpaid. Researchers say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.

Further down, the article states:

Reports of similar SMS phishing attacks against customers of other U.S. state-run toll facilities surfaced around the same time as the MassDOT alert. People in Florida reported receiving SMS phishing that spoofed Sunpass, Florida’s prepaid toll program.

Brian, you can add me to the list. The whole goal here is to get you to use your mobile device to go to the page to have your info pilfered. It will not work via any other device, says the article.

In each case, the emergence of these SMS phishing attacks coincided with the release of new phishing kit capabilities that closely mimic these toll operator websites as they appear on mobile devices. Notably, none of the phishing pages will even load unless the website detects that the visitor is coming from a mobile device.

We go further down and it says:

Merrill said the different purveyors of these SMS phishing tools traditionally have impersonated shipping companies, customs authorities, and even governments with tax refund lures and visa or immigration renewal scams targeting people who may be living abroad or new to a country.

They’re definitely using the iMessage technology, but I’ve been able to interact with links through iMessage, so something else is going on here, methinks.

SMS phishing kits are hardly new, but Merrill said Chinese smishing groups recently have introduced innovations in deliverability, by more seamlessly integrating their spam messages with Apple’s iMessage technology, and with RCS, the equivalent “rich text” messaging capability built into Android devices.

What isn’t clear is how the targets are selected.

It remains unclear how the phishers have selected their targets, or from where their data may be sourced. A notice from MassDOT cautions that “the targeted phone numbers seem to be chosen at random and are not uniquely associated with an account or usage of toll roads.”

But we need to stay vigilant and understand what is going on here. This is why we are passing this along. Brian, I’ve gotten several of these, and it’s been off and on for a few years now.

Brian’s article is titled “Chinese Innovations Spawn Wave of Toll Phishing Via SMS” if you want to read it.

The complaint form asks for identifiable info such as address info, and I’m sure it’s OK to submit it, but since I’m not losing any money, I’m curious how this will help? I guess I can make a call and see. I’ve seen this type of thing for quite a long time now.
