FBI warns iPhone and Android users over ‘smishing’ text scam. Here's how to remain safe

The FBI has issued a warning about a rising cyber threat moving "from state to state" across the US, targeting citizens through malicious SMS messages, or "smishing" texts.


 

The Federal Bureau of Investigation (FBI) has issued a warning to Americans, alerting them to "smishing" attacks - deceptive text scams designed to siphon off personal and financial data from unsuspecting victims.

The term "smishing" fuses SMS and phishing, referring to fraudulent text messages crafted to manipulate users into revealing sensitive details such as passwords, credit card numbers, and banking credentials. According to federal authorities, cybercriminals have ramped up their efforts dramatically, registering over 10,000 scam-ridden domains to orchestrate these schemes.


The FBI notes that smishing incidents have skyrocketed fourfold since January 2025, signaling an urgent cybersecurity crisis.

How the scam operates

A recent report by Unit 42, the cybersecurity research division of Palo Alto Networks, reveals that these scams have evolved far beyond simple toll frauds. Initially, cybercriminals lured victims with fake notices about unpaid toll fees. Now, they’ve expanded their deception to bogus package delivery alerts impersonating well-known services like FedEx and DHL.

"What started as a toll scam has grown into a sophisticated operation targeting unsuspecting Americans with fake alerts about unpaid bills or undelivered packages," said a Unit 42 spokesperson.

Scammers have been duping victims by sending fraudulent payment requests, followed by declined card messages to delay detection. With a growing number of users falling prey to these tactics, cybercriminals are now replicating trusted brands—sending fake tracking links for non-existent shipments.

The Federal Trade Commission (FTC) has sounded the alarm, warning that clicking on these deceptive links could lead to severe financial and personal identity theft.

"Clicking a link might seem harmless, but it can open the door to devastating consequences," an FTC official cautioned.

Scammers craft their messages to appear urgent and credible, often instructing recipients to settle overdue bills or confirm shipping details through fraudulent payment portals. To evade Apple’s iMessage security filters, fraudsters have even begun instructing users to manually copy-paste URLs.


The China connection?

Cybersecurity analysts suspect these attacks are operating under a "franchise model," with hacking toolkits originating from Chinese cybercriminal groups. Unit 42's investigation uncovered a series of fraudulent domains using China's .XIN top-level domain, including:

- dhl.com-new[.]xin

- fedex.com-fedexl[.]xin

- sunpass.com-ticketap[.]xin

"Legitimate US toll services and delivery companies would never use foreign domains like these," the FTC clarified.
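Each of the domains listed above puts the real brand's domain at the left of the hostname, while the domain actually registered is the part directly before .xin. The following Python check is an added example, not code from the FBI, FTC or Unit 42; the brand list, function names and sample message are assumptions constructed for illustration.

```python
import re

# Assumed allowlist: the legitimate domains of the brands named in the article.
BRANDS = ("dhl.com", "fedex.com", "sunpass.com")

# Hostname-like tokens, accepting the defanged "[.]" separator as well as ".".
HOST_RE = re.compile(r"(?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,}", re.I)

# Constructed sample text: one lookalike host from the article, one genuine host.
SAMPLE = ("Delivery notice: https://dhl.com-new[.]xin/track "
          "Official tracking: https://www.fedex.com/tracking")

def refang(host):
    """Undo '[.]' defanging, lowercase, and drop a trailing dot."""
    return host.replace("[.]", ".").lower().rstrip(".")

def impersonated_brand(host, brands=BRANDS):
    """Return the brand whose domain is embedded in host although host is not under it."""
    host = refang(host)
    for brand in brands:
        if host == brand or host.endswith("." + brand):
            return None  # genuinely the brand's domain or one of its subdomains
        # Brand domain starts at a label boundary and is followed by more text.
        if re.search(r"(?:^|\.)" + re.escape(brand) + r"[-.]", host):
            return brand
    return None

def effective_domain(host):
    """Approximate the registered domain as the last two labels (no public suffix list)."""
    return ".".join(refang(host).split(".")[-2:])

def scan_message(text):
    """Return (host, impersonated brand, approximate registered domain) per flagged host."""
    hits = []
    for match in HOST_RE.finditer(text):
        host = refang(match.group(0))
        brand = impersonated_brand(host)
        if brand:
            hits.append((host, brand, effective_domain(host)))
    return hits

if __name__ == "__main__":
    for host, brand, real in scan_message(SAMPLE):
        print(f"{host}: looks like {brand}, registered domain is {real}")
```

The last-two-labels rule is a simplification; a production filter would resolve the registered domain with the Public Suffix List.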

Where smishing scams hit hardest

A McAfee report highlights that the worst-affected cities in America include:

- Dallas, Atlanta, Los Angeles, Chicago, and Orlando—the top five hotspots for smishing attacks.

- Miami, Houston, Denver, Phoenix, and Seattle—also heavily targeted in this cyber onslaught.

FBI’s survival guide: How to outsmart smishing scams

- Report suspicious messages to the Internet Crime Complaint Center (IC3) at http://www.ic3.gov.

- Verify payments directly through official toll or delivery service websites.

- NEVER click on links from unknown senders or suspicious messages.

- Delete scam texts immediately—DO NOT engage with them.

- If you’ve already shared your details, immediately secure your accounts and dispute unauthorized charges.

"Scams are relentless, but awareness and quick action can stop them," an FBI spokesperson emphasized.
