A sophisticated cybercriminal operation is targeting toll payment services globally. This campaign relies on convincing SMS phishing (smishing) messages, reaching millions of consumers using electronic toll collection systems. The attackers use fraudulent messages that claim unpaid tolls or account issues, creating a sense of urgency and tricking users into visiting fake websites designed to steal personal information. The operation has evolved with the use of over 60,000 unique domain names to evade detection and blocking mechanisms.
The attackers have demonstrated an exceptional ability to spoof official toll service communications. Their messages appear legitimate, with official sender IDs and formatting that closely mimic authentic notifications. The sophistication of these tactics makes it challenging for average consumers to distinguish between real and fraudulent messages. Researchers attribute this campaign to the “Smishing Triad,” a China-based threat actor group with a history of targeting banking institutions and e-commerce platforms.
The infrastructure supporting this campaign relies on underground bulk SMS services like “Oak Tel” (also known as “Carrie SMS”). These services enable cybercriminals to mass-deliver smishing messages with customized sender IDs, making detection difficult. The Oak Tel platform allows attackers to configure and monitor their campaigns in real-time, optimizing message delivery and targeting. For as little as $8.00, attackers can send 1,000 smishing messages to UK consumers, making this an efficient and cost-effective attack method.
This campaign exploits the inherent trust users place in SMS communications, which often have fewer spam protections than email. As text messages are more likely to be trusted, users may respond to these fraudulent messages, putting their personal and financial data at risk. Federal and state agencies have issued warnings advising individuals to verify toll-related claims directly through official websites and not to engage with unsolicited messages.
