You’re waiting for a package. Or maybe you just drove through a toll booth and realized you forgot your transponder. Then, ping—a text arrives. "Your E-ZPass has an outstanding balance of $12.51. Pay now to avoid a $50 fine." It looks official. It feels urgent. But according to the latest alerts, it's almost certainly a trap.
The FBI warns that smishing texts are exploding in volume right now. In fact, the Internet Crime Complaint Center (IC3) has seen these specific toll-road scams balloon from a few thousand complaints to over 60,000 in a single year. We’re talking about industrial-scale fraud where China-based criminal groups are pumping out an estimated 60 million of these messages every single month.
What "Smishing" Actually Is (and Why It Works)
Smishing is just a fancy mashup of "SMS" and "phishing." While we’ve all been trained to ignore weird emails from "Nigerian Princes," we still tend to trust our text inboxes. Your phone is personal. It’s where your mom, your boss, and your best friend reach you. Scammers capitalize on that intimacy.
They aren't just guessing anymore, either. These groups use "phishing-as-a-service" infrastructure. They buy massive lists of phone numbers from data brokers, use AI to make the language sound perfectly localized, and then fire away.
The Most Common Smishing Scams Flooding Inboxes
The FBI has identified a few "greatest hits" that scammers are currently using to drain bank accounts. Honestly, they’re getting scary-good at mimicking the real thing.
The Toll Road Trap
This is the big one. Whether it’s E-ZPass in New York, SunPass in Florida, or FasTrak in California, the script is the same. The text says you owe a small, specific amount—usually around $12.00 to $15.00. Why such a small number? Because most people won't think twice about paying $12 to avoid a $50 fine. It’s low enough to fly under your "scam radar" but high enough to be profitable for the crooks when they hit 100,000 people.
The "Accidental" Friend
Have you ever gotten a text that says, "Hey Sarah, I'm running 10 minutes late for lunch!"? You aren't Sarah. You reply, "Wrong number." Then they say, "Oh, I'm so sorry! You seem so nice though, maybe we were meant to meet."
This isn't a rom-com. It’s the start of a "Pig Butchering" scam. They’ll spend weeks building a relationship with you just to convince you to "invest" in a fake crypto platform later.
The DMV and Post Office Alerts
"Your package is held at the warehouse due to an incomplete address." Or, "Your driver's license needs immediate verification." These texts usually include a link to a cloned website that looks exactly like the official USPS or DMV portal. Once you enter your credit card or Social Security number, the scammers have everything they need.
Why These Scams Are Harder to Spot in 2026
Artificial Intelligence has changed the game. Scammers used to be easy to spot because of broken English or weird formatting. Not anymore. They use Large Language Models (LLMs) to generate perfect, professional-sounding alerts.
They also use "link-blocking bypass" tricks. If you’ve ever seen a text that says "Reply Y to see the link," that’s a tactic to get around the built-in spam filters on iPhones and Androids. By getting you to interact with the message, you’re basically telling your phone, "Hey, I know this person," which lets the malicious link through.
The Infrastructure Behind the Attack
Security researchers at firms like Check Point and Cisco Talos have traced many of these campaigns to Chinese DNS providers. They use low-cost domains with extensions like .cfd or .win because they’re cheap to register and easy to throw away once they get flagged.
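As an added example (not code from the FBI or the researchers cited here), the sketch below checks a text message for indicators this article describes: the .cfd/.win throwaway extensions, the "Reply Y" prompt, payment-pressure wording, and a brand name paired with a link that is not the brand's own domain. The indicator names, regexes and sample messages are assumptions constructed for illustration.

```python
import re

# TLDs the article names as cheap and disposable; extend from your own telemetry.
THROWAWAY_TLDS = {"cfd", "win"}
# Impersonated brands from the article -> domains a link may legitimately use.
# Only ezpass.com appears in the article; an empty set trusts no link at all.
OFFICIAL = {"e-zpass": {"ezpass.com"}, "sunpass": set(), "fastrak": set(),
            "usps": set(), "dmv": set()}
URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
URGENCY_RE = re.compile(r"\b(pay now|immediate(ly)?|avoid a \$?\d+ fine|held at)\b", re.I)
REPLY_RE = re.compile(r"\breply\s+[\"']?y(es)?[\"']?\b", re.I)

def hosts(text):
    """Extract lower-cased hostnames from bare or schemed links."""
    return [m.group(1).lower() for m in URL_RE.finditer(text)]

def registrable(host):
    # Naive last-two-labels rule; use a Public Suffix List library in production.
    return ".".join(host.split(".")[-2:])

def triage(text):
    """Return the indicator names found in one SMS body (empty != safe)."""
    found, hs, lowered = [], hosts(text), text.lower()
    if any(h.rsplit(".", 1)[-1] in THROWAWAY_TLDS for h in hs):
        found.append("throwaway_tld")
    if any(brand in lowered and any(registrable(h) not in ok for h in hs)
           for brand, ok in OFFICIAL.items()):
        found.append("brand_link_mismatch")
    if REPLY_RE.search(text):
        found.append("reply_to_unlock_link")
    if URGENCY_RE.search(text):
        found.append("urgency")
    return found

# Constructed sample messages (not real captures).
SAMPLES = [
    "Your E-ZPass has an outstanding balance of $12.51. Pay now to avoid "
    "a $50 fine: https://ezpass-toll-pay.cfd/bill",
    "USPS: Your package is held at the warehouse due to an incomplete "
    "address. Reply Y to see the link.",
    "Your pharmacy order is ready for pickup. Store hours are 9 to 5.",
]

if __name__ == "__main__":
    for sms in SAMPLES:
        print(triage(sms) or ["no_indicators"], "<-", sms[:40])
```

An empty result only means none of these particular indicators fired; the advice to verify at the source still applies to any message that contains a link.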
The FBI Warns Smishing Texts: How to Protect Yourself
If you get a text that feels even 1% suspicious, the best thing you can do is... nothing. Don't reply "STOP." Don't click the link to see what it is. Just stop.
- Verify at the Source: If a text says you owe money to E-ZPass or the IRS, close the message. Go to your browser. Type in the official website yourself (like ezpass.com). Log in there. If you actually owe money, it will show up in your official account dashboard.
- The "7726" Trick: Most people don't know this, but you can report these texts directly to your carrier. Forward the scam message to 7726 (which spells "SPAM" on a keypad). This helps providers like AT&T, Verizon, and T-Mobile block those numbers for everyone.
- Look for the "Urgency" Red Flag: Real government agencies almost never send unsolicited texts demanding immediate payment via a link. If the message tries to make you panic, it’s a scam.
- Use Multi-Factor Authentication (MFA): Even if a scammer steals your password through a fake site, MFA can stop them from getting into your actual bank account. Just make sure you’re using an authenticator app rather than SMS-based codes, which can also be intercepted.
What to Do If You Already Clicked
It happens to the best of us. If you clicked a link or, worse, entered your information, you need to move fast.
First, contact your bank and freeze your cards. Second, go to the FBI IC3 website (ic3.gov) and file a complaint. Be sure to include the phone number the text came from and the URL of the website it tried to send you to. This data is exactly what law enforcement needs to map out these criminal networks and shut down their servers.
Final Reality Check
The FBI warns that smishing texts aren't going away. As long as it costs fractions of a cent to send a text and the potential payout is a thousand dollars, criminals will keep trying. Your phone is a doorway to your identity and your savings. Keep the door locked.
Actionable Next Steps:
- Forward any suspicious texts you currently have to 7726 and then delete them.
- Check your mobile carrier’s settings for "Silence Unknown Senders" to filter out potential spam before it hits your notifications.
- Update your phone's operating system today; these updates often include new "fingerprints" for known scam links that help your phone block them automatically.