CyberSecurity news


Stu Sjouwerman @ blog.knowbe4.com
A China-based cybercriminal group known as the Smishing Triad is behind a surge in smishing campaigns targeting consumers in the US and UK. The group is exploiting toll payment services by sending fraudulent text messages that appear to originate from legitimate toll collection agencies such as FasTrak, E-ZPass, and I-Pass. These deceptive messages claim unpaid toll bills or payment requests, tricking users into divulging sensitive personal and financial information. Tolling agencies throughout the United States are battling this escalating cybersecurity threat, highlighting the need for heightened vigilance.

These campaigns utilize tactics that make it difficult for consumers to protect themselves, primarily by spoofing Sender IDs (SIDs) via SMS, iMessage, and other instant messaging (IM) platforms. The attackers impersonate legitimate organizations, creating a sense of urgency to prompt immediate action from the recipients. The lower spam protection of SMS compared to email makes these IM channels a fertile ground for exploitation, leading to a higher likelihood of victims falling for the scam. The attackers’ objectives include financial gain and the theft of personal and financial data for future exploitation.

The scale of the campaign is significant, with the use of over 60,000 impersonation websites, complicating efforts by platforms like Apple and Android to block these fraudulent activities effectively. These fraudulent websites mimic official toll payment portals, tricking users into entering payment details or personal information, which is then harvested for financial fraud and identity theft. Federal and state agencies have issued warnings, advising individuals to verify toll-related claims through official websites and avoid clicking on links in unsolicited text messages. Consumers are also advised to report suspicious messages to authorities and enable security features on smartphones.



Classification:
  • HashTags: #Smishing #PhishingAttack #Cybersecurity
  • Company: Various Toll Payment Services
  • Target: Consumers using electronic toll collection systems
  • Attacker: Smishing Triad
  • Product: Toll Payment Services
  • Feature: SMS Phishing
  • Type: Phishing
  • Severity: High