TZUTC: -0500   
   MSGID: 471.consprcy@1:2320/105 2c3ac230   
   PID: Synchronet 3.20a-Linux master/acc19483f Apr 26 202 GCC 12.2.0   
   TID: SBBSecho 3.20-Linux master/acc19483f Apr 26 2024 23:04 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   A massive SMS toll fee scam is sweeping the US  heres how to stay safe,   
   according to the FBI   
      
   Date:   
   Sat, 15 Mar 2025 10:45:00 +0000   
      
   Description:   
   A widespread SMS scam is targeting thousands of smartphone users in the US   
   here's how to stay safe.   
      
   FULL STORY   
   ======================================================================   
    - US smishing scam claims that unpaid toll service fees are due   
    - SMS messages include a bogus link to make an online payment   
    - Cybercriminals are using more than 10,000 domains to trick recipients   
      
   A widespread SMS scam is targeting thousands of smartphone users in the US.   
   Fraudsters are sending bogus texts demanding payment for unpaid road tolls.   
   Their goal isnt just to swindle innocent recipients out of their money, but   
   also their personal and financial information.    
      
   Reports of the smishing scam first surfaced last year. In April 2024, the    
   FBIs Internet Crime Complaint Center (IC3) issued a notice about fake toll   
   service text messages , after receiving more than 2,000 complaints from US   
   citizens.    
      
   Since then, the scale of the scheme appears to have grown. Cities in several   
   US states have now issued warnings, including Boston , Denver and San   
   Francisco . McAfee has also highlighted cities most affected by the scheme:   
   the top three are Dallas, Atlanta and Los Angeles.   
      
   How the smishing scam works   
      
   Based on screenshots weve seen, text messages in the toll scam all appear to   
   follow a similar structure. Each SMS claims to be from a legitimate toll   
   service and states that there is an unpaid fee. It then instructs the   
   recipient to pay the outstanding toll within a set time period to avoid late   
   fees and a referral to the DMV. A URL is then provided, which directs uses to   
   a bogus payment page.    
      
   This page is designed to look convincingly like a legitimate toll service   
   payment website. It will often feature a logo, business name and street   
   address. It will also state the supposed time and date of the unpaid fee. A   
   threat actor leveraging the same naming pattern has registered 10K+ domains   
   for various #smishing scams. They pose as toll services for US states and   
   package delivery services. Root domain names start with "com-" as a way to   
   trick victims.   
      
   If you click the payment link, the website will then ask for payment   
   information. Sometimes it will also request sensitive personal information,   
   such as your driving license number. If you submit this information, youre   
   actually giving it to the fraudsters, exposing yourself to identity theft.    
      
   The scam uses the same tactics as most phishing scams , creating a sense of   
   urgency by demanding payment within a short time period. The threat of legal   
   action increases the likelihood of an emotional reaction , which could cause   
   users to overlook inconsistencies in the original SMS or linked payment page.    
      
   The scam uses the same tactics as most phishing scams, creating a sense of   
   urgency by demanding payment within a short time period.    
      
   Reports also suggest that there are variations of the scam. In some    
   instances, it appears that cybercriminals have varied the contents of the SMS   
   and payment page to target users in specific states. One screenshot weve seen   
   claims to be from the City of New York. For some recipients, this could make   
   the message more believable than a generic alert.    
      
   Recent intelligence from Palo Alto Networks Unit 42 reports that scammers    
   have registered more than 10,000 domain names. Each of these is designed to    
   be ambiguous enough that a casual glance might not reveal the deceit. Not    
   only do the new domains suggest that the scam is still ongoing, but certain   
   URLs indicate that it could be expanding to include fake  messages from   
   delivery companies  an increasingly common tactic .    
      
   Here are a few of the domains listed in the notice: dhl.com-new[.]xin   
   driveks.com-jds[.]xin ezdrive.com-2h98[.]xin    
   ezdrivema.com-citations-etc[.]xin ezdrivema.com-securetta[.]xin   
   e-zpassiag.com-courtfees[.]xin e-zpassny.com-ticketd[.]xin   
   fedex.com-fedexl[.]xin getipass.com-tickeuz[.]xin sunpass.com-ticketap[.]xin   
   thetollroads.com-fastrakeu[.]xin usps.com-tracking-helpsomg[.]xin   
      
   How to stay safe   
      
   As with any smishing or phishing scam, the best way to stay safe is to   
   practice caution. If you receive an unexpected SMS about unpaid toll fees,   
   theres a good chance its a scam. Pause before you act on any information in   
   the message and dont click on any links.    
      
   Pay attention to details in the message. Scam texts will often feature   
   grammatical errors or formatting inconsistencies, such as the placement of   
   punctation. A closer look at the URL will often reveal that its illegitimate,   
   too.    
      
   If in doubt, contact the genuine toll service in question. Never click the   
   link in the SMS. Instead, find the services real website or contact number   
   using a trusted search engine and reach out for clarification.    
      
   The scam is now so extensive that the US Federal Trade Commission has issued   
   advice to the same effect, as has the FBI. If you do discover a bogus or   
   suspicious SMS, the instructions of both agencies are the same: report and   
   delete the messages.  You can do this on the IC3 website .   
      
   ======================================================================   
   Link to news story:   
   https://www.techradar.com/computing/cyber-security/a-massive-sms-toll-fee-scam   
   -is-sweeping-the-us-heres-how-to-stay-safe-according-to-the-fbi   
      
   $$   
   --- SBBSecho 3.20-Linux   
    * Origin: capitolcityonline.net * Telnet/SSH:2022/HTTP (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/305 153/7715 154/110 218/700 226/30   
   SEEN-BY: 227/114 229/110 111 114 206 300 307 317 400 426 428 470 664   
   SEEN-BY: 229/700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 712/848 902/26 2320/0 105 3634/12 5075/35   
   PATH: 2320/105 229/426