The FBI has issued a nationwide alert about a growing wave of ‘smishing’ scams, where fraudulent text messages trick people into giving away personal and financial information. With over 10,000 fake websites created to support these scams, experts say cybercriminals are becoming more convincing than ever—and if you’re not careful, you could be their next victim.
What Is ‘Smishing’ and How Does It Work?
‘Smishing’ (a mix of SMS + phishing) is when criminals send deceptive text messages pretending to be from legitimate organizations—like banks, government agencies, delivery services, or toll road companies. The goal? To get you to click on a malicious link that steals your private information.
Recent cases show scammers impersonating toll road services, claiming that users have unpaid tolls and must settle their balance immediately or face penalties. Other scams pose as delivery companies, warning about missed package deliveries that require payment or confirmation.
Once a victim clicks the link, they are sent to a fake website that looks almost identical to the real one. There, they’re asked to enter credit card details, passwords, or personal info—giving hackers direct access to their accounts.
Recent Incidents and FBI Reports
- The FBI’s Internet Crime Complaint Center (IC3) has received over 2,000 complaints this month alone related to fraudulent toll payment messages.
- Multiple states, including Texas and Connecticut, have issued warnings after residents reported fake texts demanding payment for supposed unpaid tolls.
- Security researchers have discovered over 10,000 newly registered domains designed to mimic real government and private-sector websites, making it harder for victims to recognize the fraud.
Red Flags: How to Spot a Smishing Text
If you receive a text message that looks suspicious, watch out for these warning signs:
Urgent Language – “Pay now to avoid late fees!” or “Your account will be suspended if you don’t act immediately.”
Strange or Misspelled Links – Hover over links (without clicking) and see if they match the real website. Legitimate businesses use official domains.
Requests for Personal Info – No real company will ask for your Social Security number, banking details, or passwords via text.
Unsolicited Messages – If you weren’t expecting a toll notice, delivery confirmation, or bank alert, be skeptical.
How to Protect Yourself from Smishing Attacks
The FBI is urging smartphone users to take the following steps immediately to reduce their risk of falling victim:
NEVER Click Suspicious Links – If you receive an unexpected text about an unpaid bill or account issue, go directly to the official website instead of clicking the link.
Verify with the Source – If you get a toll violation notice, call the toll agency directly using the number listed on their website. Don’t trust the phone numbers in the text message.
Report Smishing Texts – Forward suspicious texts to 7726 (SPAM) and report them to the FBI’s Internet Crime Complaint Center (IC3.GOV).
Monitor Your Bank Accounts – Regularly check bank and credit card statements for any unauthorized transactions.
Enable Two-Factor Authentication (2FA) – If a scammer gets your login info, 2FA can prevent them from accessing your accounts.
Stay Vigilant
The FBI’s latest smishing alert serves as a reminder that cybercriminals are constantly evolving their tactics. They’re banking on victims acting quickly out of fear—so take a moment, double-check messages, and don’t fall for the trap.
As these scams become more sophisticated, the best defense is education and caution. If something feels off, trust your gut and verify before you click.