In a new cybersecurity alert, the FBI has warned Americans about a growing wave of smishing attacks—fraudulent SMS messages designed to trick users into revealing personal and financial information. Cybercriminals have registered over 10,000 domains to fuel this new scam, making it easier for them to target unsuspecting victims nationwide.
What Are Smishing Attacks?
Smishing (SMS phishing) is a cyber scam where criminals send fraudulent text messages pretending to be from legitimate organizations. These messages often claim that the recipient has an unpaid toll, an urgent package delivery, or another pressing issue that requires immediate action. Clicking on the provided link, however, leads to a fake website designed to steal sensitive information such as credit card numbers, login credentials, or even full identities.
How the Scam Works
- You receive a text message stating that you owe an unpaid toll, have a failed package delivery, or must resolve an urgent financial issue.
- The message includes a suspicious link leading to what appears to be an official website for a toll service, FedEx, USPS, or another well-known company.
- If you click the link, you are taken to a fake site designed to collect your personal information or financial details.
- Some scams prompt you to enter payment details multiple times, displaying fake “transaction failed” messages to collect multiple card numbers.
Why This Scam Is Spreading Rapidly
According to Palo Alto Networks’ Unit 42, these smishing attacks use domain names that mimic real services but use deceptive addresses, often ending in the .XIN top-level domain, which is associated with Chinese cybercrime operations. Examples of the fraudulent domains include:
- dhl.com-new[.]xin
- fedex.com-fedexl[.]xin
- sunpass.com-ticketap[.]xin
- usps.com-tracking-helpsomg[.]xin
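This tactic makes the fraudulent sites appear legitimate at a glance: each address begins with the real company's domain, while the domain actually registered is the hyphenated part ending in .xin. That increases the likelihood that victims will fall for the trap.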
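The lookalike pattern in the domains listed above can be checked mechanically. The following Python sketch is an added example, not code from the FBI or Unit 42; the brand watch list, the function names, and the "last two labels" shortcut for finding the registered domain are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Brand domains taken from the examples on this page (assumed watch list).
BRANDS = ("dhl.com", "fedex.com", "sunpass.com", "usps.com")

def hostname(value):
    """Lowercase hostname from a URL or bare host; accepts '[.]' defanging."""
    value = value.strip().replace("[.]", ".")
    if "://" not in value:
        value = "//" + value              # make urlsplit parse it as a host
    try:
        return (urlsplit(value).hostname or "").rstrip(".").lower()
    except ValueError:                    # malformed token, not a usable URL
        return ""

def registrable_domain(host):
    """Simplification: last two labels. Right for .com and .xin; production
    code should consult the Public Suffix List instead."""
    return ".".join(host.split(".")[-2:])

def impersonated_brand(value, brands=BRANDS):
    """Return the brand domain a host embeds without belonging to it."""
    host = hostname(value)
    if not host or registrable_domain(host) in brands:
        return None                       # empty, or genuinely the brand's
    for brand in brands:
        # Brand domain at a label boundary followed by more hostname text,
        # e.g. 'dhl.com-new.xin' or 'usps.com.example.xin'.
        if re.search(r"(^|\.)" + re.escape(brand) + r"[-.]", host):
            return brand
    return None

def scan_message(text, brands=BRANDS):
    """Check every whitespace-separated token of an SMS body."""
    hits = []
    for token in text.split():
        token = token.rstrip(".,;:!?)")
        brand = impersonated_brand(token, brands)
        if brand:
            hits.append((token, brand))
    return hits

if __name__ == "__main__":
    # Constructed sample message using a defanged domain listed above.
    sms = "USPS: delivery failed, confirm at https://usps.com-tracking-helpsomg[.]xin/pay"
    print(scan_message(sms))
```

A genuine address such as www.fedex.com is not flagged, because its registered domain is the brand's own.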
Most Targeted Cities in the U.S.
Smishing scams are being reported across the country, with a significant increase in:
- Dallas, TX
- Atlanta, GA
- Los Angeles, CA
- Chicago, IL
- Orlando, FL
- Miami, FL
- San Antonio, TX
- Las Vegas, NV
- Houston, TX
- Denver, CO
- San Diego, CA
- Phoenix, AZ
- Seattle, WA
- Indianapolis, IN
- Boardman, OH
Key Signs of a Smishing Text
- Claims you have unpaid tolls or failed deliveries.
- Uses urgent language to pressure you into clicking the link.
- Contains a link with strange formatting or unusual domain names.
- Includes hyphenated web addresses or slight misspellings of real websites.
- Shows foreign-style formatting, such as placing the dollar sign after the amount instead of before it.
How to Protect Yourself
- Never click on links in unsolicited texts—instead, visit the official website directly by typing its URL into your browser.
- Verify messages by contacting the service provider using their legitimate customer support number.
- Enable spam filters on your phone to reduce the risk of receiving scam texts.
- Report scam texts to authorities at the Internet Crime Complaint Center (IC3) at www.ic3.gov.
- Delete any smishing texts immediately—do not reply or engage.
What To Do If You’ve Been Scammed
If you clicked on a fraudulent link or entered your details, take these steps immediately:
- Contact your bank or credit card provider to report the fraud and secure your accounts.
- Monitor your accounts for unauthorized charges.
- Update your passwords and enable two-factor authentication where possible.
- Report the scam to the FBI’s IC3 website (www.ic3.gov) to help track and shut down these scams.
Final Takeaway: Stay Alert and Stay Safe
Cybercriminals are becoming more sophisticated, but by staying informed and cautious, you can protect yourself from these smishing attacks. Remember, no legitimate toll service, bank, or delivery company will ever demand immediate payment through a random text message link. If something seems suspicious, trust your instincts—delete the message and move on.
For more cybersecurity updates, stay tuned to reliable sources and always verify before you click!