If you’ve received a text message claiming you owe money for an unpaid highway toll, a missed postal service fee, or a traffic violation fine, you’re not alone. These seemingly innocuous messages are part of a massive, industrialized fraud operation that has generated over $1 billion for Chinese criminal organizations in just the past three years, according to the Department of Homeland Security. What appears to be a simple annoyance is actually a sophisticated, internationally coordinated cybercrime operation that’s targeting millions of Americans daily.
The explosion in text message scams has reached alarming proportions. In September 2025, Americans reported a record-breaking 330,000 scam messages related to unpaid toll fees in a single day. Data from Proofpoint, a cybersecurity firm that filters mobile spam, reveals that the average monthly volume of toll scam messages has increased more than three-fold since January 2024—a 350% surge in less than a year.
These aren’t random, opportunistic attempts by amateur scammers. Behind these messages lies a well-organized criminal infrastructure involving server farms, sophisticated technology platforms, international money laundering networks, and hundreds of recruited accomplices working across continents. The operation has become so systematized that criminal groups now sell pre-packaged kits on Telegram containing all the hardware and software needed to execute these scams.
The fraud operates through a multi-stage process that exploits both technology and human psychology. It begins with SIM farms—rooms filled with boxes of networking devices containing hundreds or thousands of small SIM cards typically used in mobile phones. These farms enable a single operator to send out the same volume of text messages that would normally require 1,000 individual phone numbers.
“One person in a room with a SIM farm can send out the number of text messages that 1,000 phone numbers could send out,” explained Adam Parks, an assistant special agent in charge at Homeland Security Investigations. The criminal gangs operating in China typically control these SIM farms remotely, though they hire gig workers in the United States to physically set them up in locations ranging from auto shops to shared office spaces.
When victims receive these text messages warning of unpaid tolls or government fees, they typically see links to what appear to be legitimate payment websites. These are actually sophisticated phishing sites designed to capture every keystroke as victims enter their personal and financial information. The criminals use software tools found on Telegram messaging channels to create these fake websites, which allow them to watch in real-time as victims type their names, credit card numbers, expiration dates, and security codes.
What makes this fraud particularly ingenious and difficult to combat is the criminals’ exploitation of legitimate digital wallet technology. Once the scammers capture credit card information through their phishing sites, they use an innovative technique to install the stolen card numbers into Google and Apple Wallets on smartphones in Asia. They then employ remote tap-to-pay software to create what investigators describe as “a virtual bridge between the phone in China and a phone in the United States.”
This technology allows the criminals to share access to these stolen digital wallet credentials with recruited money mules located throughout the United States. On any given day, the scammers employ between 400 and 500 of these mules, who are paid approximately 12 cents for every $100 gift card they purchase using the stolen credit card information loaded into their digital wallets.
These accomplices use the fraudulent cards to buy high-value, easily liquidated items including iPhones, gift cards, clothing, and cosmetics. The purchased goods are then shipped to China, where they can be sold to convert the stolen funds into usable currency. The use of gift cards is particularly strategic, as they provide a relatively anonymous and difficult-to-trace method of monetizing stolen financial information.
While the scams follow a consistent overall pattern, criminal groups adapt their messages to target specific geographic regions and exploit local circumstances. Officials across multiple states including Florida, Massachusetts, Texas, Colorado, California, Minnesota, and Washington, D.C., have issued warnings about regional variations of these scams, which are collectively referred to as “smishing” (SMS phishing).
Some messages claim to be from state toll authorities like E-ZPass or regional transportation agencies. Others impersonate the U.S. Postal Service demanding payment for package deliveries. Still others pose as local departments of motor vehicles or municipal finance departments claiming unpaid traffic violations or parking tickets. The messages are carefully crafted to create a sense of urgency and leverage the recipient’s desire to avoid penalties or resolve what appears to be a legitimate obligation.
Recent variations have expanded beyond toll and postal scams to include fake tax refunds, fraudulent notices about state inflation refund programs, and phony alerts from bureaus of motor vehicles attempting to steal banking details. Each iteration represents the criminals’ ongoing efforts to identify which approaches generate the highest response rates and financial returns.
The text message scams exist within a larger ecosystem of international cybercrime. Recent data from the Department of the Treasury shows a 66% year-over-year increase in cyberscams originating from Southeast Asia, costing Americans approximately $10 billion annually. The Treasury’s Office of Foreign Assets Control has issued sanctions against networks of scam centers in the region, including nine targets in Shwe Kokko, Myanmar, described as “a notorious hub for virtual currency investment scams.”
Law enforcement investigations have uncovered the staggering scale of the technical infrastructure supporting these operations. The U.S. Secret Service recently discovered a massive network of more than 100,000 SIM cards and 300 servers located within a 35-mile radius of New York City alone. This operation, believed to be run by both foreign nation-state threat actors and criminal organizations, was initially uncovered during investigations into swatting calls targeting high-ranking government officials.
The Secret Service’s Advanced Threat Interdiction Unit found that this sophisticated network was capable of generating enormous volumes of phone traffic while rapidly switching out SIM cards to evade detection. The discovery highlights how criminal groups have invested heavily in technical infrastructure that can operate at industrial scale while remaining largely invisible to traditional law enforcement monitoring.
In response to the escalating threat, the Department of Homeland Security has launched Project Red Hook, combining resources from Homeland Security Investigations with law enforcement partners and private sector businesses. The initiative aims to raise awareness of how Chinese organized crime groups operate, disrupt their technical infrastructure, and prosecute the individuals involved in both operating the scams and serving as money mules.
However, law enforcement officials acknowledge the significant challenges they face. The international nature of the operations makes coordination difficult, as the perpetrators operate from jurisdictions where they may enjoy protection or where local authorities lack the resources or motivation to pursue them. The rapid evolution of the scams, with criminals constantly adapting their techniques and creating new variations, makes it difficult to develop effective countermeasures.
The use of legitimate platforms and services also complicates enforcement efforts. Criminals purchase SIM cards through regular commercial channels, use legitimate messaging platforms like Telegram to coordinate their activities, exploit genuine digital wallet services, and recruit accomplices through conventional gig economy platforms. Each of these elements is legal when used for legitimate purposes, making it challenging to interdict the infrastructure without affecting normal commercial activity.
The success of these text message scams stems from several psychological and technical factors. First, the messages exploit a fundamental human tendency to respond to apparent authority and avoid negative consequences. When people receive what appears to be an official notice about an unpaid fine or fee, particularly one that threatens additional penalties or legal action, their immediate impulse is often to resolve the matter quickly.
Second, the scams leverage the confusion many people feel about the various government services and fees they encounter. In an era where electronic toll collection, online government services, and digital payment systems have become ubiquitous, many people genuinely are unsure whether they might have overlooked a legitimate payment obligation. The criminals deliberately create just enough uncertainty to prompt people to click through to investigate.
Third, the amounts requested are typically small enough to seem plausible and not worth disputing—often just a few dollars for a supposed toll violation or postal fee. This makes victims more likely to simply pay rather than take the time to verify the legitimacy of the charge. Once the payment information is entered, however, the criminals have everything they need to make much larger unauthorized purchases.
Fourth, the technical sophistication of the phishing websites makes them difficult for average users to distinguish from legitimate government payment portals. The criminals invest in creating convincing replicas of official websites, complete with appropriate logos, color schemes, and security indicators that appear legitimate to casual inspection.
Individual users can take several concrete steps to protect themselves from these scams. The most important rule is simple: never click on links in unsolicited text messages claiming you owe money, even if they appear to come from legitimate organizations. Instead, if you believe you might actually owe a toll or fee, navigate directly to the official website by typing the URL into your browser or using a bookmark you’ve previously created.
Government agencies and legitimate service providers do not send unsolicited text messages demanding immediate payment, particularly with links to external payment sites. If you receive such a message, treat it as suspicious regardless of how official it appears. Legitimate toll authorities and government agencies typically send physical mail for unpaid obligations and provide multiple ways to verify and pay any legitimate debts.
Be particularly wary of messages that create artificial urgency, claiming that you must pay immediately to avoid additional penalties, legal action, or service interruptions. This pressure tactic is designed to override your critical thinking and prompt immediate action. Legitimate organizations provide reasonable timeframes and multiple notifications before taking any serious action over small unpaid fees.
For organizations, particularly those managing employee mobile devices or communications, implementing comprehensive security awareness training is essential. Employees should understand the current landscape of mobile-focused social engineering attacks and know how to identify and report suspicious messages. Technical controls including SMS filtering, mobile device management policies, and regular security updates can provide additional layers of protection.
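As an added illustration (not part of the original post), the following sketch shows how an SMS filter or a reported-message triage queue might score the indicators described above: an unsolicited link to a host that is not an official domain, a toll, postal, or DMV lure, a payment demand, and urgency language. The allowlist, patterns, thresholds, and sample messages are assumptions constructed for this example.

```python
import re
from urllib.parse import urlsplit

# Assumption: an allowlist your organization maintains. usps.com is real;
# tolls.example.gov is a placeholder for your regional toll authority.
OFFICIAL_DOMAINS = {"usps.com", "tolls.example.gov"}

# Indicator patterns drawn from the lures described in this post.
LURE = re.compile(r"\b(toll|e-?zpass|usps|postal|package|dmv|"
                  r"traffic (violation|ticket)|parking ticket|tax refund)\b", re.I)
PAYMENT = re.compile(r"\b(unpaid|owe[ds]?|overdue|outstanding|pay(ment)?|fine|fee)\b", re.I)
URGENCY = re.compile(r"\b(immediately|final notice|legal action|suspen\w+|"
                     r"avoid (additional |late )?(penalt|fee)\w*)\b", re.I)
URL = re.compile(r"(?:https?://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:/\S*)?", re.I)

def link_hosts(text):
    """Return the hostname of every link, with or without a scheme."""
    hosts = []
    for match in URL.finditer(text):
        raw = match.group(0)
        host = urlsplit(raw if "://" in raw else "http://" + raw).hostname
        if host:
            hosts.append(host.lower())
    return hosts

def is_official(host):
    """Exact or dot-bounded subdomain match; substring matches are not trusted."""
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def triage(text):
    """Score one message; returns (verdict, reasons)."""
    reasons, score = [], 0
    unofficial = [h for h in link_hosts(text) if not is_official(h)]
    if unofficial:
        reasons.append("unofficial-link:" + ",".join(unofficial))
        score += 2
    for name, pattern in (("lure", LURE), ("payment", PAYMENT), ("urgency", URGENCY)):
        if pattern.search(text):
            reasons.append(name)
            score += 1
    if unofficial and score >= 4:
        return "quarantine", reasons
    return ("review" if score >= 2 else "allow"), reasons

# Constructed sample messages (not real traffic).
SAMPLES = [
    "E-ZPass: You have an unpaid toll of $4.15. Pay immediately to avoid late fees: https://ezpass-toll.example.top/pay",
    "USPS: package held for an unpaid fee. Reschedule at usps.com-redelivery.example/track",
    "USPS: your package was delivered. Track it at https://tools.usps.com/track",
]
```

The second sample shows why the allowlist check is dot-bounded: a host that merely begins with an official name is still treated as unofficial.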
Brian Schwalb, Attorney General of the District of Columbia, advises residents to “ignore these texts and immediately file a complaint with the FTC.” Reporting scam messages to your mobile carrier and the Federal Trade Commission helps law enforcement track the scope of these operations and identify patterns that may aid in disrupting the criminal networks.
The billion-dollar success of these text message scams demonstrates that cybercriminals have identified and exploited a highly effective attack vector. The combination of low technical barriers to entry, minimal risk of prosecution due to international jurisdictional challenges, and high success rates makes this an attractive business model for organized crime groups.
As long as these operations remain profitable, we can expect them to continue evolving and expanding. Criminals will undoubtedly develop new variations targeting different scenarios and exploiting emerging technologies. The rise of artificial intelligence and improved language processing may enable even more convincing personalized scam messages that reference specific details about individual targets.
Addressing this threat requires a coordinated response involving law enforcement, telecommunications providers, technology companies, and individual awareness. Mobile carriers need to implement more robust filtering of suspicious bulk messaging. Platform providers must make it harder for criminals to exploit digital wallet technology for fraud. Law enforcement agencies need enhanced international cooperation to pursue criminals operating from overseas. And individuals must remain vigilant and skeptical of unsolicited messages, regardless of how legitimate they appear.
The text message scam epidemic serves as a reminder that cybersecurity is not solely a technical challenge—it’s fundamentally a human one. The most sophisticated security systems can be undermined by a single moment of inattention or misplaced trust. In an era where our phones have become essential tools for managing every aspect of our lives, maintaining a healthy skepticism toward unexpected messages may be one of the most important security habits we can develop.
Copyright 2025 © Cyrion.io