Beware—these calls are not what they seem.
Update: Republished on April 7 with reports into new surge in mobile attacks.
The U.S. is in the grip of a phishing attack sweeping “state-to-state,” with Las Vegas and Phoenix the latest cities to receive warnings from the bureau as a toll scam attributed to Chinese hackers shows no signs of slowing. But just as America becomes more aware of that particular threat, here comes another one that’s much more malicious.
The bureau is now warning that criminals are “impersonating law enforcement or government officials in attempts to extort money or steal personally identifiable information.” This threat may come at you by email, with “the appearance of legitimacy by using pictures of the FBI Director and/or the FBI seal and letterhead.” But it’s more likely to be a phone call. “On the phone, scammers often spoof caller ID information, so fraudulent calls appear to be coming from an agency’s legitimate phone number.”
The bureau’s advice is clear. “Hang up immediately and report the call to law enforcement.” It should be an obvious red flag, but in the moment with a well-versed scammer on the phone, it can be all too easy to fall victim. “Law enforcement does not call or email individuals threatening arrest or demanding money.”
There’s some variety of flavors to this scam, and the FBI gives examples:
- “Demanding payment or threatening arrest. You will also not be asked to wire a ‘settlement’ to avoid arrest.
- Asking you to use large sums of your own money to help catch a criminal.
- Requesting you send money via wire transfer to foreign accounts, cryptocurrency, or gift/prepaid cards
- Calling you about ‘frozen’ Social Security numbers or to coordinate inheritances.”
Echoes here of the “phantom hacker” calls that the bureau warned about earlier this year. This is when a spoofed bank call tricks users into transferring money to a new account to safeguard it from an ongoing attack. Again, a bank will never call to ask you to move money, just as technical support will never unexpectedly call to inform you that there’s a fault with your phone or computer, proactively offering to help.
The latest law enforcement impersonation warning comes by way of the FBI’s Philadelphia Field Office, but just as with the toll scam it’s a much wider threat. Last week, the San Francisco Police Department warned its Chinese community that “individuals [have been]
impersonating local health care providers, federal employees, and foreign police officers, claiming to be from cities located in China.”
These scams have even included “video calls [with] suspects dressed in Chinese police officers’ uniforms with a background resembling a police station in China. The victims were instructed to download communications applications like Signal or Skype for texts, voice calls and video calls to discuss the alleged fraud further.”
We have also seen criminals impersonating ICE officers this year, playing to the political focus on immigration, making deportation threats absent the fast payment of fines. Scammers like northing more than an event to cloak their attack. As such, you can expect a wave of tariff-related scams to proliferate over the coming weeks.
Notwithstanding the seriousness of this latest warning, it’s nothing compared to the ongoing unpaid toll scam which continues to generate multiple headlines each week as more state and city agency names are co-opted into the attack. The Chinese phishing kit behind the attacks lends itself to viral growth, and the scam is now getting even worse.
Bleeping Computer warns of a new “surge in this mobile phishing campaign,” with “the volume of texts being sent in this scam 1744001250 so large that users have been expressing their frustration over the frequency and persistence of the particular scam attempts, sometimes reaching up to 7 messages in a day.”
One Redditor posted that they have received “these texts once every week or so for the past couple of months,” with another warning that “currently this is the most popular scam running. Requires very little effort on the scammers part but still seems to be making money for them or they would change tactics.”
And it can be relentless when the scammers have your cell number in focus. “About a few weeks ago, I started getting a text about toll violations and wondered why I got that,” another Redditor complained. “I never drive on any toll roads and I do not live close to any toll roads. Later on I get more of these texts telling me that I’ll have consequences if I don’t pay my toll in time. I already figured that these are all scams because today I got two of these texts and they all have different paying dates and shady links. I’ve been trying to delete them but they keep on popping up in my messages. I don’t know how to get rid of them.”
Just remember, regardless of what number appears on your iPhone or Android screen, no law enforcement officer, bank official, tech support agent or anyone else in an official capacity is going to call you out of the blue to demand information, ask you to install software, or demand money. Hang up and call back or go online using a normal, publicly available source. Don’t take any risks.
And, as the FTC has just warned once again, any unpaid toll bill text is almost certainly a scam. If you have any doubts, call the toll agency’s number or go online. Do not click any links, give away any information or make any payments.
