Key highlights
- FBI warns of sophisticated toll payment scam targeting smartphone users across states
- Chinese cybercriminal groups identified as likely perpetrators
- Federal agencies provide guidance on protecting personal information
A new nationwide alert from the Federal Bureau of Investigation (FBI) is urging iPhone and Android users across the United States to exercise extreme caution with text messages, particularly those claiming to be from toll authorities. “The scam may be moving from state-to-state,” warns the agency, suggesting that areas currently unaffected could soon become targets.
How the scam works
The sophisticated scheme begins with what appears to be a routine text message from a toll agency, claiming the recipient has outstanding payments that require immediate attention. The scam’s simplicity masks its dangerous nature: victims who click on the provided payment link are directed to a fraudulent page designed to harvest sensitive financial information, including bank account and credit card details.
The Federal Trade Commission (FTC) has joined the FBI in raising awareness about these deceptive messages. “Not only is the scammer trying to steal your money, but if you click the link, they could get your personal info (like your driver’s license number) – and even steal your identity,” the FTC cautions.
Protecting yourself
The FBI has outlined specific steps for consumers to verify legitimate toll charges:
- Access toll services only through official websites
- Contact customer service directly through verified phone numbers
- Delete suspicious texts immediately to prevent accidental clicks on malicious links
Chinese connection
Intelligence gathered points to Chinese cybercriminal organizations as the primary suspects behind these attacks. These groups have developed sophisticated “commercial phishing kits” that include templates specifically designed to impersonate toll operators across multiple states.
This toll payment scam is part of a larger pattern of cyber threats. The same criminal networks have been observed:
- Impersonating shipping companies
- Posing as tax agencies
- Targeting immigrants through fake immigration services
In a notable precedent, December saw the exposure of a Chinese hacking group known as “Salt Typhoon,” which successfully breached major U.S. telecommunications providers, including AT&T, T-Mobile, and Verizon, conducting surveillance operations on their customers.
Enhanced security recommendations
To combat these evolving threats, FBI officials recommend:
- Using phones that receive regular operating system updates
- Implementing responsible encryption practices
- Enabling phishing-resistant two-factor authentication
As these scams continue to evolve and spread nationwide, staying informed and maintaining vigilant cybersecurity practices remains crucial for smartphone users.