The Federal Bureau of Investigation has issued a nationwide alert regarding a surge in ‘smishing’ attacks targeting users across the United States, reports said.

Smishing, a blend of “SMS” and “phishing,” involves fraudulent text messages aimed at tricking recipients into revealing personal information, such as passwords and credit card details.

Cybercriminals have registered over 10,000 domains to facilitate such scams, which primarily target iPhone and Android users with deceptive messages designed to steal sensitive data. Authorities advise recipients to delete any suspicious texts “immediately.”

A report from Palo Alto Networks’ Unit 42 indicated that such scams have evolved from fake toll payment notifications to include fraudulent delivery service alerts, enticing users to click on malicious links.

The Federal Trade Commission has warned that clicking on such links could lead to financial theft and identity fraud, with messages “typically claiming that unpaid bills require immediate action to avoid penalties.”

Scammers have been instructing users to copy and paste URLs into their web browsers, as Apple’s iMessage blocks suspicious links, complicating detection efforts.

Cybersecurity experts suggested that such an operation resembled a franchise model.

Cities such as Dallas, Atlanta, Los Angeles, Chicago, and Orlando are among the most affected, with a reported fourfold increase in these scams since January. Louisiana Attorney General Liz Murrill highlighted the personal threat, stating she was targeted as well. “If you ever receive a text that looks suspicious, be sure to never click on it,” she warned.

Authorities recommend the following actions if recipients receive a suspicious text:

1. File a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov, providing details about the phone number and website in the text.

2. Verify outstanding payments by visiting the legitimate toll service’s website or contacting customer service.

3. Delete any smishing messages immediately.

4. If personal or financial information has been compromised, secure your accounts and dispute unauthorised transactions.

Read more

PTA warns people against fraudulent links on WhatsApp

How to protect yourself from WhatsApp group scams

Shreya Ghoshal’s X account hacked

The FTC also advised users to avoid clicking on links or responding to unexpected texts and to report and delete any scam messages using their smartphone’s “report junk” feature or forwarding them to 7726 (SPAM).

As cybercriminals increasingly adopt a mobile-first attack strategy, the FBI and cybersecurity firms stress the importance of vigilance to protect personal and financial information from these evolving threats.