China-based Smishing Triad targets US and UK consumers with toll payment scams

A China-based cybercriminal group, known as The Smishing Triad, has been linked to a rise in smishing campaigns that are targeting consumers in the US and UK. The campaigns involve fraudulent text messages impersonating legitimate tolling services, such as FasTrak, E-ZPass, and I-Pass, demanding payment for supposed unpaid tolls or requesting sensitive personal information.

The scammers use sophisticated techniques to appear as trusted organizations by spoofing sender IDs (SIDs) and utilizing platforms like SMS and iMessage. The messages often claim that the recipient owes money for unpaid tolls, urging them to pay immediately or risk penalties. Some texts even demand sensitive personal details, which are then exploited for future financial fraud or identity theft.

Resecurity researchers said that the campaign involves over 60,000 fraudulent domain names used to bypass security measures. Some of the malicious domains are registered under the ".xin" top-level domain, which is managed by Elegant Leader Limited in Hong Kong. The ".xin" domain is primarily used for Chinese-language sites and innovative organizations, adding a layer of complexity to the investigation.
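A triage heuristic for the lures described above, given here as an added example that is not from Resecurity or the original article. The brand names and the ".xin" TLD come from the text; the pressure terms, verdict names, scoring rules and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# Brand names and the ".xin" TLD come from the article; the pressure terms,
# verdict names and scoring rules are assumptions made for this example.
BRAND_RE = re.compile(r"\b(fastrak|e-?zpass|i-?pass)\b", re.I)
HOST_BRANDS = ("fastrak", "ezpass", "ipass")
PRESSURE_TERMS = ("unpaid", "overdue", "penalt", "late fee", "immediately")
WATCHED_TLDS = {"xin"}
URL_RE = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def extract_hosts(text):
    """Return the lowercased hostname of every link-like token in the message."""
    hosts = []
    for match in URL_RE.finditer(text):
        raw = match.group(0)
        if "://" not in raw:
            raw = "http://" + raw  # urlsplit needs a scheme to locate the host
        host = urlsplit(raw).hostname
        if host:
            hosts.append(host.rstrip("."))
    return hosts

def triage(text):
    """Return (verdict, reasons) for one inbound SMS or iMessage body."""
    hosts = extract_hosts(text)
    body = URL_RE.sub(" ", text).lower()  # judge wording separately from links
    reasons = []
    if BRAND_RE.search(body):
        reasons.append("toll-brand")
    if any(term in body for term in PRESSURE_TERMS):
        reasons.append("payment-pressure")
    if hosts:
        reasons.append("link")
    if any(h.rsplit(".", 1)[-1] in WATCHED_TLDS for h in hosts):
        reasons.append("watched-tld")
    if any(b in h.replace("-", "") for h in hosts for b in HOST_BRANDS):
        reasons.append("brand-in-host")
    brand = "toll-brand" in reasons or "brand-in-host" in reasons
    if brand and "watched-tld" in reasons:
        return "block", reasons
    if brand and "link" in reasons and "payment-pressure" in reasons:
        return "review", reasons
    return "allow", reasons

# Constructed sample messages; every hostname below is made up.
SAMPLES = [
    "E-ZPass: You have an unpaid toll of $6.99. Pay immediately to avoid "
    "penalties: https://ezpass-pay.constructed-sample.xin/bill",
    "FasTrak notice: overdue balance. Settle at fastrak-help.constructed-sample.com/pay",
    "Your I-Pass statement is ready in the app.",
    "Dinner at 7? Menu: https://bistro.constructed-sample.com",
]
```

Because the article lists no official tolling domains, the heuristic cannot clear a genuine agency link on its own; a brand-plus-link message outside the watched TLD is routed to review rather than allowed.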

A significant increase in smishing activity was noted in the first quarter of 2025, with millions of consumers across the US and UK falling victim. Many of these texts are also being sent from UK-based numbers through underground bulk IM/SMS services.

While these scams have primarily targeted tolling services, cybercriminals are also using similar tactics to impersonate banks. In these cases, victims are either asked to call a fraudulent phone number or click a phishing link that leads to a fake banking site, where they unknowingly provide their sensitive financial details.

The Smishing Triad's campaign leverages vast databases of stolen consumer data, often obtained from previous data breaches, to increase the effectiveness of its attacks. The group also uses underground services like "Oak Tel," which provides cybercriminals with the tools to manage and launch smishing campaigns at scale. The service, priced as low as $8 for 1,000 smishing messages, allows fraudsters to easily target victims while minimizing detection risks.
