FBI Warns Of Massive China-Linked Smishing Attack Targeting iPhone And Android Users

A fresh outbreak of smishing attacks, the majority of them coming from China, is raging in the United States, necessitating urgent advisories from the FBI, FTC, and security experts. These fake text messages, presented in the guise of toll payment notices and delivery confirmation, are luring victims into divulging intimate personal and financial details.

Cyberthieves have created over 10,000 domains used to facilitate these scams by registering them, as reported by cybersecurity companies and federal agencies. iPhone and Android users are being targeted with a startling frequency. Scammers send messages telling them they have outstanding toll charges to pay or have a package delivery problem that must be addressed, and links them to imposter websites intended to harvest credit card information and bank credentials.

FBI Sounds the Alarm

In a recent release, the FBI encouraged users to delete suspicious messages as soon as possible and not click on embedded links. “These smishing attacks are not just scams. They’re an organized effort to steal personal and financial data on a large scale,” the agency cautioned.

Security experts have attributed the activity to Chinese cybercrime syndicates that sell advanced phishing tools to local scammers so they can expand their attacks at short notice. Recent reports show that major cities like Boston, Denver, Detroit, Houston, and San Francisco have registered a big spike in such scam texts.

Toll Payment Scams Leading the Charge

While there are numerous forms of these scams, deception toll payment notifications have proven to be very successful. Scammers impersonate legitimate toll authorities such as E-ZPass, SunPass, and FasTrak, sending notifications stating that recipients owe them minimal amounts—usually less than $10—to preempt suspicion. However, cybersecurity specialists point out that the ultimate aim is not the small charge but rather to obtain access to victims’ credit card numbers and other personal data.

The scams are based on rare top-level domains like .TOP, .CYOU, and .XIN that have past experience with being utilized for phishing activities. In mid-2024, ICANN (Internet Corporation for Assigned Names and Numbers) sent a notice of compliance violation to the .TOP registry, but the matter is still not resolved.

Authorities Urge Caution

The Federal Trade Commission (FTC) has provided guidelines to assist Americans in escaping falling prey to smishing scams:

• Check payment requests – If you are texted about an unpaid toll or package pickup, access the official website directly rather than clicking links.
• Be cautious with threatening texts – Scammers tend to apply pressure tactics, threatening fines or lawsuits in order to pressure victims into paying.
• Inspect URLs carefully – Many scam messages include web addresses with slight misspellings or added numbers.
• Avoid providing sensitive information – Legitimate toll agencies and delivery services do not request Social Security numbers or full credit card details via text.
• Report scams – Victims are encouraged to report fraudulent texts to the FTC (reportfraud.ftc.gov) and the FBI’s Internet Crime Complaint Center (IC3.gov).

Expanding Cyber Threats

Aside from toll scams, authorities also advise that such tactics are being employed to victimize cryptocurrency investors. Australian Federal Police recently issued a warning about scammers who pose as the Binance crypto exchange, defrauding users into sending money to fake accounts.

Besides, the FBI has also identified an uptick in phantom hacker scams, where hackers pose as bank officials to scam victims into thinking their accounts are compromised. Using spoofed genuine phone numbers, scammers use the threat of urgency to induce victims to transfer their savings unknowingly to fraudulent accounts.

What Users Can Do

• To stay safe from such emerging threats, security experts suggest the following precautions:
• Turn on spam filters on your mobile to filter out malicious messages.
• Pay online using credit cards rather than debit cards since they are more secure against fraud.
• Enroll in official toll accounts so legitimate charges can be traced.
• Check bank statements regularly for suspicious transactions.
• Enhance online security through the use of two-factor authentication and frequent password changes.

As authorities work to shut down these scams, experts stress that user awareness remains the best defense. “If a text demands immediate action or payment, assume it’s a scam and delete it,” the FBI advised.

ALSO READ: Cultural Exchange Or Annexation Move? Why Is Second Lady Usha Vance Visiting Greenland