According to Forbes, the FBI has released a warning about a new smishing scam disguising itself as highway tolls that is targeting several states and thousands of people.

The FBI Public Service Announcement provided an example of what the new smishing scam looks like via text messages. They often include the state toll’s service name and a website link, all coming from a fake phone number.

What’s smishing?

According to the Federal Communications Commission, smishing is “a mashup of SMS — for ‘short message service’ — and phishing.”

Smishing scams will often act like an official institution and send a text message that includes a link or phone number for you to click on. If you give your information to these scams, the scammers can manipulate it, sell it or use it in other scams. Some scammers will try to convince you to download malware.

Per IBM, smishing is a popular cybercrime by scammers, with a report from Proofpoint finding that “76 percent of organizations experienced smishing attacks in 2022.”

Smishing has become an easy tactic for scammers to get personal information, since people are more likely to click a text message than an email. According to IBM, because workplaces have allowed employees to bring their own devices, cybercriminals can access a company’s network through these personal devices.

Smishing scams have caused people to lose $300 million, according to Forbes, with over 400,000 smishing texts being sent each day. Half of smartphone users receive these text messages.

Tips to avoid falling into a smishing scam

If you find yourself receiving a toll smishing scam, the FBI suggests taking the following steps.

  1. Report it to the Internet Crime Complaint Center and include the phone number and website the text message provides.
  2. Check your state’s official toll website to check your toll status and contact them if necessary.
  3. Delete the smishing text immediately or, if you already fell victim to it, secure your personal information and bank information as soon as possible.

To protect yourself from future smishing scams, the FCC suggests doing the following if you ever receive a smishing text.

  1. Never respond to or call unfamiliar phone numbers, and avoid clicking any links they provide.
  2. Delete suspicious texts immediately and make sure your device is up to date on security features.
  3. Install security apps onto your device.
  4. Activate multifactor authentication for personal information like bank accounts and health records.

If you still struggle to tell if a message you received is a smishing scam, Verizon has identified several features that most smishing texts have.

  • The message is completely random and out of nowhere; common ones include winning a prize, a delivery issue or free money.
  • The message wants you to act immediately.
  • The message is full of typos and grammar mistakes.
  • The message is from a strange number and/or a suspicious email.
  • The message includes a suspicious link it wants you to click on.
Related
As election season heats up, so do scammers