A New Form of Scam "Smishing" Raises Significant Issues

Across the United States, a wave of smishing scams—phishing attacks delivered via text messages—has swept through cities, leaving residents wary of their phones. The term “smishing” blends “SMS” and “phishing,” reflecting how cybercriminals use deceptive texts to lure victims into revealing personal and financial details. What began as a niche scam has exploded into a nationwide issue, prompting warnings from the FBI and local governments. With over 10,000 fraudulent websites fueling these schemes, both iPhone and Android users are in the crosshairs.

The latest smishing campaign mimics official notices from parking violation departments. Cities like Annapolis, Boston, Charlotte, Denver, Detroit, Greenwich, Houston, Milwaukee, Salt Lake City, San Diego, and San Francisco have issued alerts about texts claiming recipients owe fines for unpaid parking tickets. One message reads, “This is a final reminder from the City of New York regarding the unpaid parking invoice. A $35 daily overdue fee will be charged if payment is not made today.” These texts urge users to click links leading to fake payment sites designed to harvest sensitive data.

Cybersecurity outlet BleepingComputer reports this scam, active since December, continues to evolve. The FBI has flagged a related trend where smishing texts impersonate road toll collection services. “Since early March 2024, the FBI Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts representing road toll collection services from at least three states,” the agency noted, suggesting the scam is spreading state by state.

Palo Alto Networks‘ Unit 42, a leader in threat intelligence, recently revealed that smishing scams are growing more sophisticated. Originally focused on fake toll payment demands, the schemes now include fraudulent delivery alerts, tricking users into clicking malicious links. These attacks often steal credit card numbers, bank account details, and other personal information. Unit 42’s research ties the scams toolkit to Chinese hacking groups, with many domains registered under the Chinese.XIN top-level domain (TLD). Local cybercriminals appear to be adapting this toolkit to target U.S. residents.

The human toll of smishing is real. Imagine receiving a text claiming you owe money, complete with a looming daily fine. Panic sets in—most people don‘t want trouble with the law. That’s what scammers bank on: a split-second decision to click before thinking. Its not just tech-savvy folks getting hit; these scams prey on anyone with a phone, exploiting trust in official-sounding messages.

So, how do you shield yourself from smishing scams? Here are six practical steps:

1. Verify Before You Act: Unsolicited texts claiming to be from government agencies or companies should raise red flags. Dont click links or respond right away. Instead, call the organization using a number from their official website—not the one in the text—or visit their verified site directly.
2. Steer Clear of Suspicious Links: Those links in unexpected texts? They‘re often gateways to fake websites that snatch your data or install malware. Skip them entirely. Type the organization’s URL into your browser manually or search for it online. Strong antivirus software is your next line of defense—install it on all devices to block malicious links, phishing attempts, and ransomware. Check out the top antivirus picks for 2025 to keep your Windows, Mac, Android, or iOS safe.
3. Lock Down Your Devices: Outdated phones are vulnerable. Regularly update your operating system and apps for the latest security patches. Add reputable security software to flag phishing attempts and warn you about risky sites or messages.
4. Rely on a Password Manager: A good password manager auto-fills credentials only on legitimate sites, reducing the odds of typing your details into a scam page. It can also alert you if a site seems off. Explore the best password managers of 2025 for expert-recommended options.
5. Report the Sketchy Stuff: Spot a fishy text? Don‘t just delete it—report it. Notify your mobile carrier, local police, or the FBI’s IC3. Quick reporting helps track scammers and stop them from hitting others.
6. Wipe Your Data from the Web: Smishing thrives on personal info scammers snag from data brokers—think phone numbers, addresses, and emails. Personal data removal services can scrub your details from these sites, making it tougher for cybercriminals to target you. Theyre not perfect, but they offer ongoing monitoring and automation to keep your info off hundreds of sites over time.

Smishing scams are more than a nuisance—they‘re a growing threat. The FBI and cybersecurity experts agree: that these attacks are getting smarter, leveraging fear and urgency to exploit everyday people. Whether it’s a fake parking fine or a toll scam, the goal is the same: steal your money and identity. Staying cautious, keeping your tech updated, and knowing how to spot fraud can keep you one step ahead. In a world where a simple text can cost you, vigilance is your best weapon.