Don't fall for the new toll-road text scam

Happy Friday My wife called me the other day laughing. "Can you believe I just got a text message asking me to pay a toll?" It's funny because in Hawaii there are no toll roads, so she new it was a scam. But it got me interested... Since the pandemic there's been a surge of sms (text message) specific scams. It's called smishing - a combination of "sms" and "phishing." The pandemic really pushed us all into doing more than ever on our smart phones - menus, bills, paying for services and so on. These scams take advantage of our tendency to tap, swipe and respond to urgent requests on our phones quickly, all leading to accidental and sometimes disastrous responses.

Compared to a laptop or monitor, our phone screens are relatively small which makes it more difficult to catch typos, malicious links and a fake phone number. Now add AI into the mix—scammers are using it to analyze which scam variations work best, tweaking their messages in real time as they blast them out to thousands of phone numbers every second. It’s no wonder law enforcement is struggling to keep up. Here's what one of these scam text messages look like. If you or someone you know got one of these - beware:

The Takeaway For starters: 1) No toll agency will ever reach out to you by text. 2) See that sender's phone number? That +63 is a number from the Philippines. If you ever see a + followed by 2 numbers, it's a foreign number, so definitely not a US toll agency. 3) That website url is clearly fake. Government websites end in a .gov domain extension and many of the scams urls have 4) If a text message is asking you to reply 'Y' then you're helping the scammer identify you as a target. They take phone number blocks of thousands of numbers, then spray and pray text messages to all of them. When you reply, you're telling their system that you're a real person and they'll hone in and target you directly. Again, on a small screen these details may be hard to spot, which is why they've been so successful. There's a really well put together video segment on MSNBC on this if you're interested in learning more - here's the link. So in short, if you get one of these toll scam text messages, do not reply or click on any links. Just delete the message. Stay safe out there. -Attila

PS. f you want to hear more about scams and other IT security topics, all for free, check out our Cyber Secured Podcast series on Apple Podcasts, Spotify, YouTube Podcasts or any other place you listen to podcasts (we're on all of them).

New - the Positivity Box

Tired of hearing about negative, fearful and disturbing cybersecurity news? Me too. You may be surprised to learn that good things happen in security. Let's celebrate them!

This week the FTC took action against Click Profit - a predatory online, work from home company that advertised heavily on websites and social media, making false claims like a "$150k sales guarantee" if you enroll in their program. In short, Click Profit stole everyone's money. The FTC seeks to hold the company's operators accountable for their deceptive practices, recover money for defrauded consumers and permanently shut down Click Profit. The full story is available on BleepingComputer. We need more of these kinds of takedowns!

And of course... the Friday Funnies!

Between typos and autocorrect it's getting hard to post.

One tiny mistake and your whole post is urined.

What do sea monsters eat? Fish and ships!