4 hours ago
9
Follow ZDNET: Add us as a preferred source on Google.
ZDNET's key takeaways
- Scam texts relating to tolls and deliveries have made Chinese scammers billions.
- US-based mules are paid to max out credit cards digitally cloned from stolen data.
- The luxury goods purchased with victims' funds are shipped to China.
Chinese scam rings have made over $1 billion in the past three years by sending scam text messages, officials warn.
As reported by The Wall Street Journal, those irritating scam messages you receive -- claiming that you've forgotten to pay a toll, you have an unpaid traffic violation, or there are US Postal Service fees outstanding -- hide a dark, "billion-dollar, highly sophisticated business."
Also: Phishing training doesn't stop your employees from clicking scam links - here's why
Who is behind the scams?
Department of Homeland Security officials have blamed cybercriminals working out of China for spam text messages relating to fake toll fees and USPS demands.
According to the WSJ, Chinese criminals are operating server farms that blast out scam texts to US residents. These so-called "SIM farms," many of which have been found in the US but are operated remotely, can send thousands of scam texts with little human oversight.
Unfortunately, however, US gig workers, recruited via the WeChat messaging platform, are also being implicated as mules.
What do these criminals want?
If victims fall for one of these scam texts, they are asked to hand over their credit or payment card details, plus one-time passcodes, via fraudulent phishing websites. Once this financial information has been handed over, individuals in the US max out digital, clone cards produced with stolen card information for what the WSJ calls a "small fee."
For example, a mule is paid 12 cents for every $100 gift card they buy using fraudulent financial information.
These cards are produced when a scammer submits stolen credit card information to a Google or Apple wallet and then shares these numbers with US-based mules.
Also: The best password managers: Expert tested
The cards are then used to purchase luxury items, such as iPhones, clothing, or gift cards. Physical products are then shipped to China.
How can I spot a scam text?
Scam text messages, also known as phishing messages, generally share some common themes.
First, the scammer will pretend to be from a recognizable and trusted service. In this case, the cybercriminal gang is using US toll systems and the postal service, but in others, you may encounter telecommunications providers like Verizon or T-Mobile, student loan companies, federal departments, or your bank's name.
The next part of a scam text will make a demand from you, and will often threaten you with some form of penalty -- such as an extortionate fine or lawsuit -- unless you comply immediately.
Also: Got a suspicious Amazon refund text? Don't click the link - it's a scam
The point of this is to create a sense of panic in the victim. If you're emotionally charged or engaged, you won't necessarily think logically, and you are more likely to engage in risky behavior -- such as handing over sensitive information -- without taking a step back and considering whether a text message is actually genuine.
There will also be a link. When clicked, this link will send you to a fraudulent website, disguised as the company website mentioned in the scam text. The website address might also be spoofed or worded slightly differently than the legitimate service. For example, the genuine www.t-mobile.com website could be spoofed to www.t-moble.com.
Other indicators of scam text messages include unknown numbers, spelling mistakes, and odd grammar.
What should I do if I receive a scam text?
We get them so often that it can be a pain to act. Still, you should report the message as spam (or junk), as this helps telecommunications providers monitor active scams and connect the dots on numbers used to propagate them. Once you have reported it, block the number, and delete the message from your device.
If you're not sure whether a message is a scam, do not respond to it and do not click on any links. Instead, call or directly contact the service the message apparently came from, as they will be able to confirm or deny if the message was genuine.
Also: I clicked on four sneaky online scams on purpose - to show you how they work
It can also help if you type the number into a search engine or some of the contents of the message together with the word "scam," as many people online share their encounters with scam text messages.
And remind family members and friends to treat every text message like this as suspicious until proven otherwise.
What should I do if I fall for a scam text?
If you have fallen for a scam text message similar to the ones included in the report, and you have, therefore, handed over your payment card details, you need to act fast.
Also: I'm ditching passwords for passkeys for one reason - and it's not what you think
Immediately contact your payment card provider or bank and request a freeze on your card. You may also be able to freeze your card and stop fraudulent transactions from an associated mobile app if the issuer provides this feature.
In either case, you should still inform the organization that you may have fallen for a scam. I also recommend that you consider freezing your credit to prevent any follow-up attempt of ID theft.
Stay ahead of security news with Tech Today, delivered to your inbox every morning.
English (US) ·