Smishing, a combination of "SMS" and "phishing," involves fraudulent text messages designed to trick recipients into revealing personal information or clicking malicious links. These scams have evolved, becoming more sophisticated and harder to detect, putting millions of Americans at risk.

Read more: Phishing Scam in California: How to Spot Deceptive Messages and Protect Yourself

Recent Surge in Smishing Scams

Since early 2024, the FBI's Internet Crime Complaint Center (IC3) has received over 2,000 complaints about smishing texts impersonating road toll collection services in at least three states. These messages typically claim the recipient owes money for unpaid tolls and include a link to settle the balance. The links often mimic legitimate state toll service websites, making it difficult to identify them as fraudulent.

In a more alarming development, Palo Alto Networks’ Unit 42 reported that cybercriminals have registered over 10,000 fake domains in a coordinated effort to steal credit card details, Social Security numbers, and other personal information. The campaign lures victims into revealing sensitive financial data by sending deceptive messages designed to appear legitimate.

FBI Warns of New Smishing Scam: How Cybercriminals Are Stealing Your Data Through Fake Texts

How Smishers Are Targeting Victims

Smishers continuously refine their tactics to increase the effectiveness of their scams. Common methods include:

• Personalized Messages: Scammers tailor messages to specific regions or services, such as toll agencies, to appear more credible. For example, messages reference local toll roads or use familiar terminology related to the targeted area.

• Impersonation of Trusted Entities: Fraudsters pose as reputable organizations, including banks, government agencies, or service providers, using official logos, language, and spoofed phone numbers.

• Urgent or Threatening Language: Many messages create a sense of urgency by warning of unpaid bills, potential fines, or legal actions, pressuring recipients into acting quickly without verifying the information.

Notable Smishing Cases in the U.S.

Several recent incidents highlight the growing threat of smishing scams:

• North Carolina Toll Scam: On March 11, 2025, a North Carolina resident received a message stating: "The Toll Roads Notice of Toll Evasion: You have an unpaid toll bill on your account. To avoid late fees, pay within 12 hours or the late fees will be increased and reported to the DMV." The message encouraged recipients to reply “Y” and reopen the text to access a malicious payment link. The FBI confirmed that such messages were circulating across multiple states and were tailored to look legitimate in specific regions.

• Bay Area FasTrak Scam: In California, scammers sent texts impersonating the state’s FasTrak system, claiming unpaid tolls. The links directed victims to fraudulent websites designed to steal personal and financial information.

USPS Delivery Scam: Cybercriminals posed as the United States Postal Service (USPS), informing recipients about supposed package delivery issues, urging them to click on links that installed malware or harvested their personal data.

• Bank Fraud Alerts: Some messages impersonated major banks, alerting recipients to supposed "suspicious activity" on their accounts and directing them to fake login pages that collected their banking credentials.

How to Identify Smishing Texts

Recognizing smishing attempts is crucial for protection. Key indicators include:

• Unknown or Spoofed Numbers: Messages from unfamiliar or masked numbers should be treated with suspicion.

• Urgent or Threatening Language: Messages that pressure immediate action, such as account closures or legal threats, are red flags.

• Suspicious Links: Unsolicited messages containing links—especially those with misspellings or unfamiliar domains—should be avoided.

• Requests for Personal Information: Legitimate organizations typically do not request sensitive data via text messages.

Preventive Measures

To protect yourself from smishing attacks, follow these steps:

• Be Skeptical of Unsolicited Messages: Avoid responding to texts from unknown numbers, especially those requesting personal information or urging immediate action.

• Do Not Click on Links: If you receive an unexpected message, contact the organization directly through their official website or customer service.

• Enable Multi-Factor Authentication (MFA): Adding an extra layer of security to your accounts makes unauthorized access more difficult.

• Update Software and Security Apps: Keeping your operating system and security software updated helps defend against known vulnerabilities.

• Use Security Applications: Install reputable security apps that can detect and block potential smishing attempts.

What to Do If You Receive a Suspicious Text

If you believe you have been targeted by a smishing scam:

• Do Not Respond or Click Links: Avoid replying, clicking on links, or calling numbers provided in the message.

• Report the Message: Forward the text to your mobile carrier’s spam reporting service (often 7726) and report it to the Federal Trade Commission (FTC) or the FBI’s IC3.

• Monitor Financial Statements: Regularly review your bank and credit card statements for unauthorized transactions.

• Notify Relevant Institutions: If personal information was compromised, immediately inform your bank, credit card company, or other affected institutions.

The Growing Threat of Smishing in the U.S.

Cybersecurity experts warn that smishing scams are spreading rapidly. According to Bleeping Computer, recent toll payment scams have prompted warnings in numerous U.S. cities, including Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, and San Francisco. The widespread nature of these attacks shows that no region is immune to smishing attempts.

Conclusion

As smishing scams become more sophisticated, vigilance is essential. By recognizing the signs of smishing and implementing preventive measures, individuals can protect themselves from falling victim to these malicious schemes. If you receive an unsolicited message claiming to be from an official source, always verify it through trusted communication channels. Stay cautious, stay informed, and prioritize digital security to prevent financial and identity theft.

Top 4 Zodiac Signs Most Likely to Fall for Scams – Exercise Caution in 2024 Top 4 Zodiac Signs Most Likely to Fall for Scams – Exercise Caution in 2024

Astrology predicts that in 2024, these zodiac signs will be the easiest to fool. Remain impartial as disillusionment can occur at any moment.
Top 10 Most Common Phone Scams That You Should Be Aware Top 10 Most Common Phone Scams That You Should Be Aware

Phone scammers are regrettably fairly common, and they frequently exploit people's kindness or fear. Here are some common phone scams to be careful of.
How to Protect Yourself from Scams Following the Southern California Wildfire How to Protect Yourself from Scams Following the Southern California Wildfire

We explores common scams following disasters, particularly those facilitated through social media, and provides actionable advice to help protect yourself and your loved ones.
Who Is Aurora Phelps? Las Vegas Woman Drugged Elderly Men in Romance Scams Who Is Aurora Phelps? Las Vegas Woman Drugged Elderly Men in Romance Scams

​In a case that has sent shockwaves through both the United States and Mexico, 43-year-old Aurora Phelps stands accused of orchestrating a complex and deadly ...