Unraveling the U.S. toll road smishing scams
April 11, 2025, 9:20 a.m.
Description
A widespread financial theft SMS phishing campaign targeting toll road users across multiple U.S. states has been observed since October 2024. The attacks impersonate automatic payment services like E-ZPass, claiming outstanding bills under $5 USD and warning of late fees. Victims are directed to spoofed domains where they are prompted to enter personal and credit card information. The campaign is believed to be carried out by multiple financially motivated threat actors using a smishing kit developed by 'Wang Duo Yu'. The kit's developer offers tutorials and services through Telegram channels and a YouTube channel. The ongoing campaign has targeted at least eight states, including Washington, Florida, Pennsylvania, and Texas, using typosquatted domains resolving to specific IP addresses.
Tags
Date
- Created: April 11, 2025, 3:27 a.m.
- Published: April 11, 2025, 3:27 a.m.
- Modified: April 11, 2025, 9:20 a.m.
Indicators
Attack Patterns
Additional Information
- Transportation
- Finance
- United States of America