News

Report says your money and identity are at risk from the next wave of smishing attacks on your phone

News Room

Last month we told you that the FBI issued an alert detailing a serious scam that was moving from state to state. Victims would receive a bogus text (through a practice called ‘smishing’) stating that they owed money for unpaid road tolls. As with any smishing attack, the scammers try to put pressure on you to take the actions they want you to take. In this case, the text threatens additional fines if you don’t pay the unpaid amount immediately. The goal is to get you to pay the amount due by opening a page that allows you to enter your banking account or credit card information to make such payments.

I’ve recently been the recipient of several such texts and just deleted them immediately. After all, if you were to give the scammers the info they want, not only could they get into your bank account or take over your credit card account and wipe you out, the attackers could even steal your identity as the information they ask for includes your Driver’s License number.

Bad actors have registered 10,000 domain names in preparation for the next wave of attacks

The FBI noted in its original alert that iPhone and Android users should delete any smishing texts received. A new report from Palo Alto Networks’ Unit 42 dated March 6th says that a threat actor has registered over 10,000 domain names which will be used on new attacks. The new texts are written to get victims to reveal personal and financial information including credit card, debit card, and banking account information.

The original attacks used bogus texts demanding payments for fake unpaid road toll balances be made to phony state-specific toll agencies. Based on some of the new domain names registered by the threat actor, it would appear that new attacks will add texts related to delivery services to pressure you into making payments for charges you don’t owe. At the same time, while making these payments, the threat actor is hoping you will reveal banking and credit card info along with personal identification numbers. 

To reiterate, armed with this info, attackers can get into your bank account and wipe you out, run through your credit cards, and steal your identity. Besides the toll scam, watch out for bogus texts pretending to be from delivery companies stating that you have a package but it can’t be delivered unless you pay a small amount for delivery charges.

The new attacks have been seen in 10 U.S. states and one Canadian province including California, Florida, Illinois, Kansas, Massachusetts, Pennsylvania, New Jersey, New York, Texas, Virginia, and the Canadian province of Ontario.

Watch out for these domain names

There is one important thing to note. The smishing texts come from email addresses or phone numbers. Because iMessage does not allow links, scam texts on that platform will ask you to reply “Y” and reopen the text. If you do this, it will allow the attackers to include links on texts sent to you through iMessage.

Here are some examples of domain names that are being used with this campaign:

  • dhl.com-new[.]xin
  • – driveks.com-jds[.]xin
  • – ezdrive.com-2h98[.]xin
  • – ezdrivema.com-citations-etc[.]xin
  • – ezdrivema.com-securetta[.]xin
  • – e-zpassiag.com-courtfees[.]xin
  • – e-zpassny.com-ticketd[.]xin
  • – fedex.com-fedexl[.]xin
  • – getipass.com-tickeuz[.]xin
  • – sunpass.com-ticketap[.]xin
  • – thetollroads.com-fastrakeu[.]xin
  • – usps.com-tracking-helpsomg[.]xin

You should be wary of any text you receive these days. Texts that mention one of these domain names should be deleted immediately.

Share This Article
Previous Article Save 45% on this really cool retro Philips Hue Smart 60W ST19 smart light
Next Article Time To Combat Market Downturn | HackerNoon
Leave a comment

Leave a Reply

Your email address will not be published. Required fields are marked *

Exit mobile version