Unraveling the U.S. toll road smishing scams
Essential information
- Published
- 11/04/2025 03:27
- Modified
- 11/04/2025 09:20
- Tags
- 2025-04-10 2025-04-11 financial theft phishing kit smishing sms phishing toll road toll road scams typosquatting u.s. states
- Related entities
- 1 vulnerabilities (cve), 43 observables, 1 intrusion sets (apt), 4 techniques (mitre), 3 others
Description
A widespread financial theft SMS phishing campaign targeting toll road users across multiple U.S. states has been observed since October 2024. The attacks impersonate automatic payment services like E-ZPass, claiming outstanding bills under $5 USD and warning of late fees. Victims are directed to spoofed domains where they are prompted to enter personal and credit card information. The campaign is believed to be carried out by multiple financially motivated threat actors using a smishing kit developed by 'Wang Duo Yu'. The kit's developer offers tutorials and services through Telegram channels and a YouTube channel. The ongoing campaign has targeted at least eight states, including Washington, Florida, Pennsylvania, and Texas, using typosquatted domains resolving to specific IP addresses.