216.73.216.86

Unraveling the U.S. toll road smishing scams

· Published 11/04/2025 03:27 · Modified 11/04/2025 09:20

Export JSON

Essential information

Published
11/04/2025 03:27
Modified
11/04/2025 09:20
Tags
2025-04-10 2025-04-11 financial theft phishing kit smishing sms phishing toll road toll road scams typosquatting u.s. states
Related entities
1 vulnerabilities (cve), 43 observables, 1 intrusion sets (apt), 4 techniques (mitre), 3 others

Description

A widespread campaign targeting users across multiple has been observed since October 2024. The attacks impersonate automatic payment services like E-ZPass, claiming outstanding bills under $5 USD and warning of late fees. Victims are directed to spoofed domains where they are prompted to enter personal and credit card information. The campaign is believed to be carried out by multiple financially motivated threat actors using a kit developed by 'Wang Duo Yu'. The kit's developer offers tutorials and services through Telegram channels and a YouTube channel. The ongoing campaign has targeted at least eight states, including Washington, Florida, Pennsylvania, and Texas, using typosquatted domains resolving to specific IP addresses.

External references