This week, I received a fake text message (a smish) saying my E-ZPass account was overdue and that I urgently needed to pay it. That’s a new one and, apparently, quite effective. Luckily, I knew it was a scam, but others were victimized.
According to the website Krebs on Security, security researchers “say the surge in SMS spam coincides with new features added to a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing toll road operators in multiple U.S. states.”
Residents in multiple states have been targeted, to the point where the Massachusetts Department of Transportation issued a warning about the smishing scheme using its EZDriveMA electronic tolling program. Others targeted by the scam include California, Colorado, Connecticut, Florida, Minnesota, Rhode Island, Texas, and Washington residents.
According to a reported conversation with a security researcher at SecAlliance, these smishing attacks increased after the New Year, when “at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages designed to spoof toll operators in various U.S. states.” The purpose is to get consumers’ credit card information.
It has been such a problem that the Federal Trade Commission issued a consumer alert about it last week. If you receive a smish purporting to be from a toll road operator, delete it. Do not click the link or visit the site it directs you to.