A sophisticated cybercriminal operation has emerged targeting toll payment services across multiple regions, with evidence suggesting this campaign will continue expanding globally. Resecurity researchers identified the operation as the work of “Smishing Triad,” a China-based threat actor group that has previously conducted similar campaigns against banking institutions and e-commerce platforms. The campaign represents a significant evolution in smishing tactics, utilizing over 60,000 unique domain names to evade detection and blocking mechanisms.

These fraudulent messages create a false sense of urgency by claiming unpaid tolls or account issues that require immediate action, ultimately leading victims to fraudulent websites designed to steal personal and financial information. Messages appear to originate from legitimate tolling agencies, complete with official-looking sender IDs and formatting that closely mimics authentic communications. The attackers have demonstrated remarkable sophistication in their ability to spoof official toll service communications, making it exceptionally difficult for average consumers to distinguish between legitimate messages and fraudulent ones. Text messages typically have reduced spam protection mechanisms, and consumers are more likely to respond to urgent notifications that appear to come from legitimate services they actively use.

At the center of this operation is an underground bulk SMS service identified as “Oak Tel” (also known as “Carrie SMS”), which provides cybercriminals with sophisticated tools to manage their smishing campaigns. For approximately $8.00, attackers can deploy 1,000 smishing messages to UK consumers, making this a highly cost-effective attack vector. What makes detection particularly challenging is the ability to dynamically modify Sender IDs to impersonate legitimate organizations such as “US Postal Service” or “Chase Bank”.

The attack, characterized by highly convincing SMS phishing (smishing) messages, has already reached millions of consumers who use electronic toll collection systems. The technical underpinnings of this campaign leverage underground bulk SMS services that allow for mass-scale message delivery with customized sender identification. This level of sender spoofing capability, combined with the ability to rapidly rotate through thousands of domains, creates a persistent threat that traditional security controls struggle to mitigate effectively. Federal and state agencies have issued warnings about these scams, advising individuals to verify toll-related claims directly through official websites rather than responding to unsolicited messages.

This Cyber News was published on cybersecuritynews.com. Publication date: Mon, 07 Apr 2025 14:35:05 +0000