Fast Feed

Chinese Innovations Spawn Wave of Toll Phishing Via SMS

1 min read

Summary

  • Researchers have noted a recent uptick in SMS phishing attacks spoofing U.S. toll road operators, including Ezpass, Alltransponders, and Fastpass.
  • The attacks ask targets to provide payment card data, and then solicit a one-time password sent via SMS or a mobile authentication app.
  • The surge in these SMS attacks coincides with the release of new capabilities in a popular commercial phishing kit sold in China that makes it simple to set up convincing lures spoofing EZPass and other toll operators in multiple U.S. states.
  • This particular phishing module for spoofing MassDOT’s EZDrive toll system was offered on Jan. 10, 2025, by a China-based SMS phishing service called “Lighthouse.”
  • Several different China-based cybercriminals are selling distinct SMS-based phishing kits that each have hundreds or thousands of customers.
  • The ultimate goal of these kits is to phish enough information from victims that their payment cards can be added to mobile wallets and used to buy goods at physical stores, online, or to launder money through shell companies.

Original Article