Smishing Mode Appears on Mobile Phones, Recognize the Characteristics of New Fraud from China

Jakarta, CNBC Indonesia –Americans are being flooded with text messages claiming to be from toll road operators such as E-ZPass. The messages contain warnings that recipients will be fined if they do not pay their toll arrears.

Researchers say the surge in SMS spam coincides with new features being added to popular commercial phishing devices sold in China. The devices make it easier for cybercriminals to design scams that impersonate toll road operators in various states in the United States.

The Massachusetts Department of Transportation (MassDOT) is warning residents to be aware of a new SMS phishing or “smishing” scam targeting users of EZDriveMA, MassDOT’s electronic toll payment program.

Those who fall victim to the scam will be asked to provide payment card details and asked to provide a one-time password (OTP) sent via SMS or mobile authentication app.

Reports of similar SMS phishing attacks on customers of other US state-run toll facilities emerged around the same time as MassDOT’s warning. People in Florida, for example, reported receiving phishing text messages that spoofed Sunpass, Florida’s prepaid toll program.

This phishing module for spoofing MassDOT’s EZDrive tolling system was offered on January 10, 2025, by a China-based SMS phishing service called “Lighthouse.”

Ford Merrill, a security researcher at SecAlliance, said the volume of SMS phishing attacks that spoofed toll road operators skyrocketed after New Year’s 2025. This happened at least when one Chinese cybercriminal group known for selling sophisticated SMS phishing tools began offering new phishing pages designed to trick toll road operators in multiple states across the U.S.

According to Merrill, several China-based cybercriminals are selling different SMS-based phishing tools, each with hundreds or thousands of subscribers.

The ultimate goal of these tools, he said, is to get enough information from victims so that their payment cards can be added to a mobile wallet and used to buy goods at brick-and-mortar stores, online, or to launder money through shell companies.

SMS phishing tools aren’t a new scam, but Merrill said Chinese smishing groups have recently introduced innovations in delivery, integrating their spam messages with Apple’s iMessage technology and with RCS, the equivalent of Android’s “rich text” messaging capabilities.

“While traditional smishing tools rely heavily on SMS for delivery, today’s actors are heavily leveraging iMessage and RCS because carriers can’t filter them and they likely have a higher success rate with these delivery channels,” he said.

SOURCE : CNBC INDONESIA