Toll Payment Systems Turned Into Cyber Traps
A major hacking campaign uncovered & it’s targeting toll payment systems that millions of people use every day. The attack is being carried out by a cybercrime group called the Smishing Triad, believed to be based in China. They are using sneaky text messages to trick people in the United States and the United Kingdom into giving away money and private information.
These hackers pretend to be trusted toll service companies like FasTrak, E-ZPass, and I-Pass. They send out fake messages saying you haven’t paid a toll and need to click a link or enter your payment details to avoid a fine. The messages look real and often use the same logos, names, and language as the actual toll agencies.
But clicking on the link doesn’t solve a toll issue—it gives hackers access to your bank details, passwords, or other personal information. The scammers not only steal money but also collect your personal data to use in future attacks or sell to other criminals online.
How the Smishing Campaign Works
The method being used is known as smishing, a form of phishing that happens through SMS or instant messages. Cybercriminals send fake messages in bulk, tricking people into clicking harmful links or responding with sensitive information.
To make things worse, these attackers are using over 60,000 different website addresses in their campaign. This makes it extremely hard for tech companies like Apple and Android to keep up and block all of them. Each time one fake site is blocked, another one pops up.
Hackers also take advantage of underground messaging services, which are cheap and easy to use. For example, it costs as little as $8 to send 1,000 fake messages to people in the UK. These services even let hackers change the Sender ID (SID), so the message looks like it’s coming from a real toll company. That makes people much more likely to trust the message and click the link.
This technique of changing the sender’s name fools even cautious users. If a message says it’s from “E-ZPass” or “FasTrak,” most people won’t think twice about opening it. It’s a trick designed to get your attention and lower your guard.
Cyberattack Catastrophe: How Hackers Can Endanger Human Lives ?
Oak Tel and the Hidden Tools Behind the Attack
One underground tool used by these cybercriminals is a service called Oak Tel, also known as Carrie SMS. According to cybersecurity experts, Oak Tel plays a major role in supporting the smishing operations of the Smishing Triad and possibly other similar hacker groups.
Oak Tel is hosted at a website called oak-tel[.]com. It offers a full-featured control panel where criminals can manage their smishing campaigns just like a regular marketing team might run an ad campaign. They can send out fake messages, check how many people clicked on them, and even change the content of the messages in real time.
What makes Oak Tel especially dangerous is its ability to support Sender ID spoofing from a wide range of U.S.-based financial institutions. This means hackers can impersonate not just toll companies, but also banks and credit card companies. That increases their reach and makes their scams more convincing.
Fighting against this type of cyberattack is difficult because the fake messages come from what looks like trusted sources. It’s not easy for phones or carriers to tell the difference. That’s why users are being warned to never click on links from unknown or unexpected text messages.
How Cyber Attacks on Industrial Control Systems Can Endanger Lives ?
