Got an unusual 'unpaid toll' text? FBI warns of 'Smishing' scam — urges Americans to delete them ASAP

Scams have long plagued everyday citizens, wreaking havoc on their lives and finances. With an ever-evolving landscape of deception, cybercriminals are now deploying their latest tactic—"smishing." According to PEOPLE, this alarming scheme tricks unsuspecting victims into surrendering their personal information and hard-earned money under the pretense of "unpaid road tolls." The term "smishing" cleverly combines SMS (short message service) with phishing, highlighting how these scammers lure victims in through enticing text messages. As technology advances, so do the methods of those seeking to exploit it, making vigilance more crucial than ever.

The FBI defined "smishing" as "a social engineering attack using fake text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals." For close to a year, the FBI Internet Crime Complaint Center (IC3) has seen a steady increase in the number of "smishing" complaints by civilians. In the scheme, the scammers send texts claiming to be from road toll collection services. The messages inform the victim that they have an "outstanding toll amount" and to avoid increasing charges, must pay the specified amount immediately. 

The scheme is so well thought out that the link the message instructs recipients to click for payment mimics the name of a state’s toll service, PEOPLE reported. The text message typically follows this format: "(State Toll Service Name): We've noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance." Many individuals have fallen prey to the scheme, not only providing money to the cheaters but also their financial information, like credit or debit card details and account information. In 2024, IC3 allegedly received more than 2,000 complaints of 'smishing' from civilians.

The Federal Trade Commission (FTC) has asked the public to be vigilant if they receive such messages, claiming that "it’s probably a scam" and that these fraudsters are working coast to coast. "Not only is the scammer trying to steal your money, but if you click the link, they could get your personal info and even steal your identity," the FTC warned. Apple iMessage has tried to protect its users by disabling links from unknown senders. However, scammers have found a way to break this protective barrier by fooling users into replying with 'Y' to activate the link.

Experts recommend that users carefully check the links they receive in messages for any mention of .XIN TLD. If .XIN TLD is present in the domain, it usually indicates that the link has been created by Chinese cybercrime groups. Meanwhile, PEOPLE also lists examples of other domains that consumers need to keep an eye out for. 

Authorities have requested that people delete any phishing messages they have received. If people mistakenly click on such links, they must immediately take steps to protect their personal and financial information. The FBI further asked civilians if they become victims of such schemes, they should inform the authorities immediately. In such instances, they must provide the impersonator's phone number and the fraudulent links to the authorities.