Chinese phishers are reportedly targeting US residents with text messages that appear to be from US toll road operators. These “smishing” texts are said to be targeting iPhone and Android users across America with fake toll bills. The FBI has advised users to delete these texts immediately. One cyber expert has also described the scale of this issue as “astronomical.” According to a report by the Anti-Phishing Working Group (APWG), “residents of the US are being bombarded with text messages from Chinese phishers, purporting to come from US toll road operators, including the multi-state E-ZPass.” These kits also send package delivery and other fake messages. This is described as an infrastructural attack on phones. In December 2024, the FBI also advised Americans to stop sending texts due to Chinese hackers.
What the FBI said about the scam
In a statement to Forbes, the FBI said: “The texts claim the recipient owes money for unpaid tolls and contain almost identical language. The ‘outstanding toll amount’ is similar. However, the link provided within the text is created to impersonate the state’s toll service name, and phone numbers appear to change between states.”
Attackers are reportedly registering tens of thousands of domains to impersonate state and city toll agencies, using an advanced phishing kit from China to send nearly identical scam texts.
These messages, often sent to random phone numbers regardless of toll usage, usually include links with Chinese top-level domains like .TOP, .CYOU, and .XIN—the .TOP domain in particular has a history of abuse and remains under ICANN investigation.
Despite available anti-spam measures on SMS and RCS protocols, scammers continually change tactics, making prevention difficult. Users are urged to report these scams to help improve global blocking mechanisms and to verify toll charges only through official sources while taking precautions such as changing passwords if they click on any suspicious links.
