Sun Mar 23 15:30:00 UTC 2025: **FBI Warns of Widespread Chinese-Originated Smishing Scam Targeting Americans**

**Washington D.C. –** A massive smishing (SMS phishing) campaign originating in China is sweeping across the United States, targeting iPhone and Android users with fake toll payment notices. The FBI and other cybersecurity agencies are urging Americans to exercise extreme caution and delete any suspicious texts immediately.

The scam, detailed in a new report by the Anti-Phishing Working Group (APWG), involves texts claiming unpaid tolls, often mimicking legitimate toll agencies like EZPass. The messages direct users to fraudulent websites designed to steal personal and financial information, including credit card details and potentially even identities. While the initial scam focuses on toll fees, the underlying infrastructure can be easily adapted to other lures, making this a significant and evolving threat.

The scale of the attack is alarming. Robokiller reports over 19 billion spam texts were sent in the U.S. in February alone. Experts note that the scammers are less interested in the small toll fees and more focused on obtaining sensitive financial data.

The APWG highlights that the attacks utilize a sophisticated phishing kit sold in China, allowing for the easy creation of convincing fake toll notices and websites. While phone numbers used in the texts vary and sometimes originate from outside China, the websites often use less-known Chinese top-level domains like “.TOP,” “.CYOU,” and “.XIN,” serving as a red flag. The “.TOP” domain, in particular, has a history of being associated with phishing activities and unresolved compliance issues with ICANN.

Despite the scale of the problem, current anti-spam measures are proving insufficient due to the open nature of SMS and RCS protocols. Security firms like Trend Micro and Norton advise users to be vigilant, report suspicious texts to authorities (FBI’s IC3.gov or APWG), and regularly review their accounts for unauthorized activity. The FBI also suggests verifying toll balances through official websites and customer service numbers.

This is not an isolated incident. Similar attacks targeting cryptocurrency users, spoofing legitimate exchange communications, have also been reported by the Australian Federal Police. These cross-border scams underline the global nature of cybercrime and the urgent need for increased awareness and proactive security measures. Authorities warn that the nature of these scams will evolve, urging users to remain vigilant against any unsolicited messages requesting personal or financial information.

Read More