FBI Warns iPhone, Android Users of Surge in Chinese Phishing Texts

WASHINGTON, D.C. — The FBI is alerting Americans about an alarming increase in phishing text messages from Chinese attackers targeting both iPhone and Android users. These fraudulent messages, posing as notifications from toll road operators, are designed to coerce recipients into providing personal information and possibly compromising their financial security.

Earlier this month, the FBI cautioned users to delete any texts suggesting unpaid tolls on their vehicles. The agency states these messages are part of a broader campaign, involving systematic harassment with fake toll bills. This warning comes in the wake of a December 2024 advisory urging individuals to refrain from sending texts due to rising cybersecurity threats from foreign actors.

“If you receive a text claiming you owe money for unpaid tolls, there’s a strong likelihood it’s a scam,” the FBI noted. “Delete it immediately.” This advice reflects a growing pattern where cybercriminals mimic legitimate sources to gain sensitive information.

The Anti-Phishing Working Group (APWG) has reported a concerning rise in such ‘smishing’ texts across the United States, with cybercriminals utilizing advanced tactics to deceive users. A report indicates that “residents are being bombarded with messages purporting to be from U.S. toll road operators, including E-ZPass,” one of the nation’s major electronic toll collection systems.

Experts warn that these attacks are not limited to just toll fraud. They are broader in scope, leveraging sophisticated phishing kits available from overseas, which can easily adapt to different scams—from fake deliveries to mimicries of official notifications. Cybersecurity firm Censys describes these messages as part of an infrastructural attack: “This is not just about stealing a few dollars; it’s an organized effort to extract your personal details,” said Aidan Holland from the firm.

In February alone, over 19 billion spam texts were reported across the U.S., a statistic showcasing the scale of the problem. The APWG notes that the fraudulent texts share similar language, claiming unpaid toll amounts with links that spoof state toll services. “The links provided are built to impersonate valid toll agencies, pulling random phone numbers, sometimes targeting individuals who don’t even use toll roads,” they commented.

A significant red flag associated with these scam messages is their linking to lesser-known Chinese top-level domains such as .TOP, .CYOU, and .XIN. Investigations have highlighted that these domains are often utilized in fraudulent activities and are under scrutiny by the Internet Corporation for Assigned Names and Numbers (ICANN).

Despite the existence of anti-spam mechanisms on SMS and RCS protocols, the effectiveness against evolving tactics from scammers remains inadequate, leaving many individuals vulnerable. Jon Clay, a cybersecurity expert at Trend Micro, stated, “Apple doesn’t address these threats effectively; while Android blocks known spam numbers, scammers frequently cycle through phone numbers.”

In light of the ongoing crisis, the FBI has reiterated its guidance to verify any toll charges by visiting official service websites and to report scam attempts through the FBI’s Internet Crime Complaint Center or directly to APWG. Users are advised to regularly audit their accounts for any suspicious activity, changing passwords if they have interacted with fraudulent content.

The APWG warns that, while current scams focus on toll notifications, the strategies employed by these cybercriminals could shift to exploit new vulnerabilities, urging individuals to remain vigilant.