Unraveling the U.S. toll road smishing scams

SUMMARY :

Since October 2024, a widespread financial theft SMS phishing campaign has been targeting toll road users across multiple U.S. states. The attackers impersonate automatic payment services like E-ZPass, sending SMS notifications for small outstanding bills under $5 USD. Victims are directed to spoofed domains where they're prompted to enter personal and credit card information. The campaign is believed to be carried out by multiple financially motivated threat actors using a smishing kit developed by 'Wang Duo Yu'. The actors have targeted at least eight states, including Washington, Florida, Pennsylvania, and others. The phishing infrastructure involves typosquatted domains resolving to specific IP addresses. The smishing kits are being sold on Telegram channels, with the developer offering various services and tutorials related to web development and server setup.

OPENCTI LABELS :

typosquatting,smishing,phishing kit,sms phishing,toll road,u.s. states,financial theft


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


Unraveling the U.S. toll road smishing scams