Massive Ongoing US Toll Fraud Underpinned by Chinese Smishing Kit
Attackers spoofed automated toll payments in SMS messages.
Numerous threat actors are leveraging an SMS phishing kit - developed by Chinese threat actor "Wang Duo Yu" - to conduct a widespread attack.
According to research by Cisco Talos, the campaign has been leveraged against toll road users since October, The Hacker News reports.
Efforts included the spoofing of E-ZPass and other U.S. automated toll payment systems in texts, and fake alerts about unpaid tolls that include a link which redirects to a bogus E-ZPass page seeking victims' names and ZIP codes. This further redirects to another fake page for payment.
Researchers found that the smishing kit in the attacks were similar to those utilised by Chinese threat operation Smishing Triad which used more than 60,000 domains to elude disruption.
Upcoming Events
Related content
Crypto phishing scam crackdown sought by new global international law enforcement operation
Iran war triggers cybercrime surge, report finds
Global cybercrime clampdown disrupts over 45K illicit IP addresses
Report: UK cyberattacks grow faster than global rate
Novel CyberStrikeAI tool exploited in attacks
Industry urges reform to retain women in tech
NCSC flags heightened threat in Middle East
Confirm cancellation
An error occurred trying to play the stream. Please reload the page and try again.
CloseSign up benefits
Registering with SC Media is 100% free. Join tens of thousands of cybersecurity leaders today and gain access to the latest analysis shaping the global infosec agenda.
- Weekly newsletters featuring industry-leading insight
- Access to free cyber expert webinars and videos
- Privileged viewership of special reports, such as the Annual Cyber Salary Survey and Women of Influence