The FBI has issued a warning about a threat spreading “from state to state” that targets individuals through malicious SMS (smishing) texts. iPhone and Android users are advised to delete any such texts immediately. Cybercriminals have registered over 10,000 domains to facilitate a new wave of attacks. These texts can be identified easily and should be deleted right away.
According to Palo Alto Networks’ Unit 42, the campaign tricks users into revealing personal and financial information, including credit or debit card details. The original threat focused on toll scams with state-specific payment links, while the new domains incorporate delivery services. The FTC warns that clicking on these links could lead to identity theft.
All smishing texts follow a similar pattern: an urgent demand for payment of an unpaid bill, accompanied by a link to a fraudulent payment site. Since iMessage blocks such links, the texts often instruct users to reply or copy the link into Safari for payment.
The scam is believed to be operated by Chinese cybercrime groups, as evidenced by the use of Chinese .XIN top-level domains in the shared examples. Users are advised not to click on any links from texts and instead verify accounts through legitimate websites or customer service phone numbers.
Warnings have been issued by numerous cities across the U.S., including Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, San Francisco, and others. A notable sign of the scam is the placement of the dollar sign after the amount in texts, which is uncommon in the U.S.
McAfee has highlighted the cities most targeted by these scams, including Dallas, Atlanta, Los Angeles, Chicago, and Orlando. The frequency of these scams has nearly quadrupled at the end of February compared to January.
The FBI advises those who fall victim to these scams to file a complaint with the IC3 (www.ic3.gov), check accounts using legitimate websites, contact customer service, and delete any smishing texts received. If any links were clicked or information provided, efforts should be made to secure personal information and financial accounts.
— news from Forbes