Stu Sjouwerman@blog.knowbe4.com
//
Tolling agencies throughout the United States are currently grappling with an escalating cybersecurity threat: deceptive text message scams known as smishing. These scams involve cybercriminals sending text messages that impersonate toll payment notifications, tricking individuals into clicking malicious links and making unauthorized payments. These messages often embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority.
These scams are part of a sophisticated campaign leveraging platforms, most recently a PhaaS platform called Lucid. This platform enables cybercriminals to launch large-scale phishing campaigns with minimal effort. Cybercriminals behind this scheme are exploiting legitimate communication technologies like Apple iMessage and Android RCS to bypass traditional spam filters and deliver their malicious messages at scale.
The phishing messages typically claim unpaid toll fees and threaten fines or license suspension if recipients fail to respond. The Lucid platform offers advanced features such as dynamic targeting, device-specific focus, and evasion techniques. These features allow attackers to tailor campaigns for iOS or Android users, block connections from non-targeted regions, and prevent direct access to phishing domains.
Recommended read:
References :
- aboutdfir.com: Have you ever received an odd text message on your phone, purporting to be from a toll provider or package delivery service? If you have a U.S. cell phone, chances are you’ve encountered one of these SMiShing attempts—cybercriminals’ latest ploy to trick you into giving up your personal
- www.cysecurity.news: Tolling agencies throughout the United States are battling an escalating cybersecurity threat that is causing deceptive text message scams, which are often called smishing, to escalate.
- Cyber Security News: Beware! Phishing Scam Uses Fake Unpaid Tolls Messages to Harvest Login Credentials
- gbhackers.com: Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
- www.bleepingcomputer.com: E-ZPass toll payment texts return in massive phishing wave
- BleepingComputer: An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.
- The DefendOps Diaries: The Toll Payment Text Scam: A Modern Cybersecurity Threat
- blog.knowbe4.com: Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks
- cybersecuritynews.com: A sophisticated cybercriminal operation has emerged targeting toll payment services across multiple regions, with evidence suggesting this campaign will continue expanding globally.
- Cyber Security News: Toll Payment Services Abused in Large-Scale Hacking Campaign
- gbhackers.com: Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
- securityonline.info: Resecurity report details escalation of smishing by China-based Smishing Triad targeting toll payments in US and UK.
- securityonline.info: Smishing Triad Expands Fraud Campaign, Targets Toll Payment Services
- www.scworld.com: Toll payment service-targeted schemes by Smishing Triad escalates
- Cisco Talos Blog: Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.
- krebsonsecurity.com: China-based SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad†mainly impersonated toll road operators and shipping companies.
- www.silentpush.com: Smishing Triad is a Chinese eCrime group systematically targeting organizations in at least 121 countries with SMS phishing “smishing†campaigns.
- bsky.app: SilentPush has published a profile of Chinese cybercrime group Smishing Triad. The group is massive, with operations across 121 countries. The report also looks at the group's new phishing kit, named Lighthouse.
- gbhackers.com: Chinese eCrime Group Targets Users in 120+ Countries to Steal Banking Credentials
- www.silentpush.com: Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit
- blog.talosintelligence.com: Have you received a suspicious text that seemed to be from a toll road service? Discover how this widespread smishing scam is targeting U.S. drivers and uncover the actors behind it in our latest blog post:
- Cisco Talos: Have you received a suspicious text that seemed to be from a toll road service? Discover how this widespread smishing scam is targeting U.S. drivers and uncover the actors behind it in our latest blog post:
- cyberpress.org: “$5 SMS Scam Alert: Toll Road Users Targeted in New Phishing Campaignâ€
- Daily CyberSecurity: Nationwide Smishing Scam Targets Toll Road Users, Stealing Payment Data
- Cyber Security News: Cisco Talos has uncovered an ongoing financial theft campaign targeting toll road users across the United States through SMS phishing, or “smishing,†attacks. This campaign, active since October 2024, impersonates toll payment services to steal sensitive user information.
- gbhackers.com: Cybersecurity researchers at Cisco Talos have uncovered a large-scale smishing campaign targeting toll road users across the United States.
Stu Sjouwerman@blog.knowbe4.com
//
A China-based cybercriminal group known as the Smishing Triad is behind a surge in smishing campaigns targeting consumers in the US and UK. The group is exploiting toll payment services by sending fraudulent text messages that appear to originate from legitimate toll collection agencies such as FasTrak, E-ZPass, and I-Pass. These deceptive messages claim unpaid toll bills or payment requests, tricking users into divulging sensitive personal and financial information. Tolling agencies throughout the United States are battling this escalating cybersecurity threat, highlighting the need for heightened vigilance.
These campaigns utilize tactics that make it difficult for consumers to protect themselves, primarily by spoofing Sender IDs (SIDs) via SMS, iMessage, and other instant messaging (IM) platforms. The attackers impersonate legitimate organizations, creating a sense of urgency to prompt immediate action from the recipients. The lower spam protection of SMS compared to email makes these IM channels a fertile ground for exploitation, leading to a higher likelihood of victims falling for the scam. The attackers’ objectives include financial gain and the theft of personal and financial data for future exploitation.
The scale of the campaign is significant, with the use of over 60,000 impersonation websites, complicating efforts by platforms like Apple and Android to block these fraudulent activities effectively. These fraudulent websites mimic official toll payment portals, tricking users into entering payment details or personal information, which is then harvested for financial fraud and identity theft. Federal and state agencies have issued warnings, advising individuals to verify toll-related claims through official websites and avoid clicking on links in unsolicited text messages. Consumers are also advised to report suspicious messages to authorities and enable security features on smartphones.
Recommended read:
References :
- www.cysecurity.news: Tolling agencies throughout the United States are battling an escalating cybersecurity threat that is causing deceptive text message scams, which are often called smishing, to escalate.
- BleepingComputer: Toll payment text scam returns in massive phishing wave
- gbhackers.com: Beware! Fake Unpaid Tolls Messages Used in Phishing Attack to Steal Login Credentials
- www.bleepingcomputer.com: The E-ZPass toll payment texts return in massive phishing wave
- Cyber Security News: Beware! Phishing Scam Uses Fake Unpaid Tolls Messages to Harvest Login Credentials
- The DefendOps Diaries: The Toll Payment Text Scam: A Modern Cybersecurity Threat
- www.bleepingcomputer.com: An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.
- gbhackers.com: Threat Actors Exploit Toll Payment Services in Widespread Hacking Campaign
- securityonline.info: Smishing campaigns exploiting toll payment systems to deceive consumers into disclosing sensitive information, often linked to popular platforms like FasTrak, E-ZPass, and I-Pass.
- Cyber Security News: In a sophisticated cybercrime operation, the Smishing Triad, a China-based group, has been identified as the orchestrator behind a surge in smishing campaigns targeting consumers in the US and UK.
- blog.knowbe4.com: Upgraded Phishing-as-a-Service Platform Drives a Wave of Smishing Attacks
- cybersecuritynews.com: Threat Actors Leveraging Toll Payment Services in Massive Hacking Attack
- securityonline.info: Smishing Triad Expands Fraud Campaign, Targets Toll Payment Services
- www.scworld.com: Toll payment service-targeted schemes by Smishing Triad escalates
- blog.talosintelligence.com: Unraveling the U.S. toll road smishing scams
- DataBreaches.Net: E-ZPass toll payment texts return in massive phishing wave
- Blog: Unpaid toll-themed smishing campaign gives victims no free ‘E-ZPass’
- Cisco Talos: Have you received a suspicious text that seemed to be from a toll road service? Discover how this widespread smishing scam is targeting U.S. drivers and uncover the actors behind it in our latest blog post:
- Cisco Talos Blog: Cisco Talos has observed a widespread and ongoing financial theft SMS phishing (smishing) campaign since October 2024 that targets toll road users in the United States of America.
- krebsonsecurity.com: China-based purveyors of SMS phishing kits are enjoying remarkable success converting phished payment card data into mobile wallets from Apple and Google. Until recently, the so-called “Smishing Triad” mainly impersonated toll road operators and shipping companies.
- www.silentpush.com: Smishing Triad: Chinese eCrime Group Targets 121+ Countries, Intros New Banking Phishing Kit
- bsky.app: SilentPush has published a profile of Chinese cybercrime group Smishing Triad. The group is massive, with operations across 121 countries. The report also looks at the group's new phishing kit, named Lighthouse.
- gbhackers.com: Smishing Triad has targeted numerous countries, including but not limited to UK, Canada, and USA.
- www.silentpush.com: Smishing Triad is a Chinese eCrime group systematically targeting organizations in at least 121 countries with SMS phishing “smishing†campaigns.
@go.theregister.com
//
India's central bank, the Reserve Bank of India (RBI), is set to introduce the exclusive "bank.in" domain for banks, a strategic move aimed at combating the rising tide of digital financial fraud. This initiative intends to significantly reduce cybersecurity threats and malicious activities such as phishing. The goal is to streamline secure financial services to enhance trust in digital banking and payment systems. With over 2,000 banks currently operating in India, assigning them an exclusive domain is expected to make it harder for fraudsters to create fake bank websites and lure victims.
This plan was detailed in a policy update, addressing the "significant concern" around increased digital payment fraud in India. Registration for bank.in domains is scheduled to commence in April. The RBI is also planning a separate domain, "fin.in," for other non-bank entities in the financial sector. To further enhance trust in online payments, the RBI is also introducing Additional Factor Authentication (AFA) for cross-border card-not-present online transactions. The Institute for Development and Research in Banking Technology (IDRBT) will serve as the exclusive registrar.
Recommended read:
References :
- The Register - Security: With over 2,000 banks in operation, the potential to make life harder for fraudsters is obvious India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves trust in the financial services sector.…
- The Hacker News: India’s RBI Introduces Exclusive "bank.in" Domain to Combat Digital Banking Fraud
- The Register: India wants all banking to happen at dedicated bank.in domain With over 2,000 banks in operation, the potential to make life harder for fraudsters is obvious India’s Reserve Bank last week announced a plan to use adopt dedicated second-level domains – bank.in and fin.in – in the hope it improves trust in the financial services sector.…
- Techmeme: Techmeme post on the India's bank.in plan.
@www.bleepingcomputer.com
//
The FCC has proposed a ~$4.5 million fine against Telnyx related to government imposter robocalls made on its network. This action comes after robocallers, posing as employees of the Federal Communications Commission, targeted FCC staff and their family members. The robocalls purported to be from a fictitious FCC “Fraud Prevention Team” and were made to both personal and work telephone numbers. The FCC alleges that Telnyx violated "Know Your Customer (KYC)" rules by providing access to calling services without verifying the customers' identities.
The scheme involved an artificial voice directing recipients to press one to speak with the "Fraud Prevention Team" or two to schedule a callback. One recipient reported being connected to someone who demanded payment in Google gift cards to avoid jail time. The FCC has stated it doesn't have any such "Fraud Prevention Team" and doesn't share staff personal phone numbers, and it "remains unclear how these individuals were targeted." The FCC believes the purpose of the calls was to threaten, intimidate, and defraud. Despite the severity of the situation, Telnyx has denied the allegations and plans to contest the proposed fine.
Recommended read:
References :
- arstechnica.com: Robocallers posing as FCC staff blocked after robocalling real FCC staff You can ignore robocalls from FCC "Fraud Prevention Team," which doesn't exist.
- www.bleepingcomputer.com: The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations.
- www.fcc.gov: FCC proposes a ~$4.5 million fine against Telnyx related to government imposter robocalls made on its network. Among other potential victims, the calls were made to FCC staff and their family members and purported to be from a fictitious FCC “Fraud Prevention Team.�
- BleepingComputer: The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules. However, Telnyx says the FCC is mistaken and denies the accusations.
- Steve Herman: FCC proposes a ~$4.5 million fine against Telnyx related to government imposter robocalls made on its network. Among other potential victims, the calls were made to FCC staff and their family members and purported to be from a fictitious FCC “Fraud Prevention Team.�
- BleepingComputer: The FCC has proposed a $4,492,500 fine against VoIP service provider Telnyx for allegedly allowing customers to make robocalls posing as fictitious FCC "Fraud Prevention Team," by failing to comply with Know Your Customer (KYC) rules.
- ciso2ciso.com: Source: go.theregister.com – Author: Iain Thomson In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog’s staff started calling actual FCC staffers via the VoIP telco.
- The Register - Security: Robocallers who called the FCC pretending to be from the FCC land telco in trouble
- go.theregister.com: The Register reports on the FCC's first enforcement action under the Trump administration.
- ciso2ciso.com: Robocallers who phoned the FCC pretending to be from the FCC land telco in trouble – Source: go.theregister.com
- The Register: Robocallers who called the FCC pretending to be from the FCC land telco in trouble Don't laugh: The $4.5m fine proposed for carrier Telnyx shows how the Trump administration will run its comms regulator In its first enforcement action of the Trump presidency, the FCC has voted to propose fining Telnyx $4,492,500 – after scammers pretending to be the watchdog's staff started calling actual FC…
- TechSpot: Rookie robocallers impersonate FCC, accidentally target actual FCC employees
- Ars Technica: Robocallers posing as FCC staff blocked after robocalling real FCC staff
|
|
FlagThis - #fraud