Executive Summary:
- During and in the aftermath of the global coronavirus (COVID-19) pandemic, spam or phishing texts have become a more frequent and sometimes successful weapon of cyber assailants.
- The evolution of phishing attacks, from impersonal emails to personalized short message service (SMS) texts, constitutes an emerging and growing threat to consumers.
- As improvements are made in artificial intelligence (AI) and large language model (LLM) systems, the phishing attempts will appear more credible and be harder to detect.
- Individuals and organizations, especially entities that work with protected information and frequently use cell phones, should prepare and implement cybersecurity policies. Consider contacting RMS International’s security professionals for a customized risk assessment.
Situation Report (SITREP):
During and in the aftermath of the global coronavirus (COVID-19) pandemic, spam or phishing texts have become a more frequent and sometimes successful weapon of cyber assailants. In November 2024, 19.2 billion spam texts were sent, that equates to about 63 phishing attempts per person. The evolution of phishing attacks, from impersonal emails to personalized short message service (SMS) texts, constitutes an emerging and growing threat to consumers. The Federal Bureau of Investigation’s (FBI) 2022 Internet Crime Report found that phishing was the most common type of cybercrime, accounting for nearly half all-reported incidents.
As of February 2025, a large percentage of the US population has received some kind of text appearing to be from toll companies and agencies. The following SMS was received on February 12, 2025:
Pay your FastTrak Lane tolls by February 12, 2025.
To avoid a fine and keep your license, you can pay
at hxxps:penalty.com-latefeerg.top/pay. (Please reply
Y, then exit the text message and open it again to.
activate the link, or copy the link into your Safari
browser and open it).
While at first glance the text may appear legitimate, it contains nearly all of the elements of a classic phishing scheme. An international phone number delivered the text, there is an alarming message creating a sense of panic, a quasi-professional looking link, and an call to action that presents a sense of “act now” urgency. Similar tactics have been identified from other toll collection companies, including SunPass and EZPass.
Similarly, texts appearing to be from friends or unsaved contacts suggesting “Hey! Do you remember me?” or “You left your shirt at my house,” and SMS suggesting a recent order and package tracking number are increasing in frequency. As improvements are made in artificial intelligence (AI) and large language model (LLM) systems, the phishing attempts will appear more credible and be harder to detect.
Impact Analysis and Recommended Action:
Far from chump change and opportunistic criminals, hacking is big business. Cybercrime is predicted to have cost the global economy $9.5 trillion USD in 2024 greatly impacting more localized economies. The United States (US) is the primary target for cybercrime, especially for critical infrastructure and key resources (CIKR), as well as small businesses. In 2022, the US reported 800,944 cybercrimes amounting to $10.3 billion in financial losses.
A seemingly innocuous click could result in big financial losses, and there are several actions that can be taken to mitigate the cyber risk and even thwart hackers. The US Federal Trade Commission (FTC) suggests several options available to help cut down on spam and avoid scams, such as using spam filters or reporting suspicious numbers to the FTC.
First, identify the threat. Before clicking a link or entering any kind of personal information on a website, email, or text thread consider what kind of information is being requested. Another tactic is to simply ignore the messages, replying with “STOP” indicates to both the phone’s carrier and provider that the number is being used for cybercrime. Enough of these reports increases the likelihood of the number being flagged or shut down. While some may be weary of replying “STOP” as it may signal to scammers the phone number is active, FTC cybercrime professionals dismiss the concerning, noting cybercriminals already know which numbers are active.
Lastly, individuals and organizations, especially entities that work with protected information and frequently use cell phones, should prepare and implement cybersecurity policies. Consider contacting RMS International’s security professionals for a customized risk assessment and tailored plan of action to mitigate the risk of ransomware, hacks, and other cybercrimes.
About RMS International:
Founded in 2012, RMS International provides ad hoc and contracted close protection, estate security, international travel management, corporate executive protection, personnel and asset security, and discreet investigative services. Operating a state-of-the-art Risk Operations Center in West Palm Beach, they provide 24/7 overwatch of global operations in Asia, Europe, Africa and throughout the Americas. RMS International delivers peace of mind in a chaotic world. Connect with us at RMSIUSA.com
