CyberSecurity news
Stu Sjouwerman@blog.knowbe4.com
A widespread smishing campaign targeting toll road users across the United States has been uncovered by cybersecurity researchers. The campaign, active since October 2024, involves attackers sending fraudulent SMS messages claiming that victims owe small amounts, typically under $5, for unpaid tolls. These messages warn of late fees and redirect recipients to spoofed websites designed to mimic legitimate toll service platforms like E-ZPass. The goal is to steal sensitive user information, including personal details and credit card information.
These fraudulent websites prompt victims to solve a fake CAPTCHA before being redirected to a webpage displaying a fabricated bill. The bill includes the victim’s name and warns of a $35 late payment fee, urging them to proceed with payment. Once victims click “Proceed Now,” they are taken to another fake page where they are asked to provide personal details such as their name, address, phone number, and credit card information. This data is then stolen by the threat actors. The campaign spans at least eight states, including Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois, and Kansas. The states were identified from the state-specific abbreviations in the spoofed domains observed in the SMS messages.
Cisco Talos attributes this campaign to multiple financially motivated threat actors using smishing kits developed by an individual known as “Wang Duo Yu.” These kits have been previously linked to large-scale smishing attacks targeting mail services like USPS and financial institutions. Wang Duo Yu operates several Telegram channels and forums promoting smishing kits and offering tutorials on phishing techniques. His kits are priced between $20 and $50 depending on the features and support provided. The typosquatted domains used in the campaign resolve to specific IP addresses: 45[.]152[.]115[.]161, 82[.]147[.]88[.]22, and more recently 43[.]156[.]47[.]209.