FBI Issues Urgent Warning: Delete These Scam Texts NOW!

FBI Warns iPhone and Android Users: Delete These ‘Smishing’ Texts Now

The FBI has issued a nationwide alert about a rising wave of “smishing” attacks targeting users across the United States.

Smishing, a blend of “SMS” and “phishing,” refers to fraudulent text messages designed to trick recipients into divulging sensitive information such as passwords, credit card details, or banking credentials.

Cybercriminals have registered over 10,000 domains to facilitate these scams, which specifically target iPhone and Android users. Authorities urge people to delete any suspicious texts immediately to avoid falling victim to financial theft and identity fraud.

How the Scam Works

A recent report from cybersecurity firm Palo Alto Networks’ Unit 42 reveals that these scams lure victims into providing personal data under false pretenses. Initially focused on fake toll payment notifications, the scheme has expanded to include bogus delivery alerts, prompting users to click malicious links.

For months, state and local authorities have warned about a toll scam falsely claiming that recipients owe unpaid fees. The Federal Trade Commission (FTC) cautions that clicking on such links can compromise financial security and expose victims to identity theft.

Tactics Used by Scammers

Fraudulent messages typically claim that an outstanding bill requires immediate payment to avoid penalties. They include a deceptive link leading to a fake payment portal—where cybercriminals exploit a network of fraudulent domains.

Since Apple’s iMessage blocks suspicious links, scammers now instruct victims to manually copy and paste the URL into their browser, making detection harder.

The Extent of the Scam

Cybersecurity experts believe these operations function as a franchise model, using toolkits provided by Chinese cybercriminal groups. Many malicious domains use China’s .XIN top-level domain (TLD), including:

• dhl.com-new[.]xin

• fedex.com-fedexl[.]xin

• ezdrive.com-2h98[.]xin

• e-zpassny.com-ticketd[.]xin

• sunpass.com-ticketap[.]xin

• thetollroads.com-fastrakeu[.]xin

The FTC warns that legitimate U.S. toll and delivery services never use foreign domains for transactions.

Cities Most Affected

A report from McAfee identifies the top five cities hit hardest by these scams:

• Dallas

• Atlanta

• Los Angeles

• Chicago

• Orlando

Other heavily targeted areas include Miami, Houston, Denver, Phoenix, and Seattle. Authorities have reported a fourfold increase in smishing attacks since January.

Real Cases & Warnings from Officials

Louisiana Attorney General Liz Murrill revealed that she was personally targeted by the scam.
“I received this text as well. It’s a scam. If you ever get a suspicious message, never click on it. You don’t want scammers stealing your personal information,” she warned.

An investigation in Detroit uncovered an additional trick: When victims attempted to make a payment, they received an error message claiming their card was declined. This encouraged them to enter multiple card details, handing even more financial data to scammers.

What to Do If You Receive a Suspicious Text

The FBI advises the public to take the following steps:
✔ Report the scam: File a complaint with the Internet Crime Complaint Center (IC3) at www.ic3.gov, including details of the sender’s phone number and any website listed in the message.
✔ Verify the claim: Contact the legitimate toll or delivery service through their official website or customer service.
✔ Delete the message immediately.
✔ Secure your accounts: If personal or financial details have been exposed, take action to protect your information and dispute any unauthorized transactions.

FTC’s Additional Safety Tips

✅ Never click on links or respond to unexpected messages.
✅ Verify directly with the toll or delivery service via official contact methods.
✅ Report scam texts by using your smartphone’s “report junk” feature or forwarding the message to 7726 (SPAM).

Why Smishing Scams Are on the Rise

Cybersecurity firm Zimperium warns that cybercriminals are increasingly shifting to a “mobile-first attack strategy.” The ease of use and smaller screens of smartphones make users more likely to trust and engage with text messages than emails—heightening the risk of falling for scams.

As these fraudulent schemes evolve and spread rapidly, authorities continue to emphasize the importance of vigilance. The public is urged to remain cautious, avoid clicking on unsolicited messages, and take proactive steps to safeguard personal and financial information.