{"description":"Trending threats, MITRE ATT\u0026CK coverage, and detection metadata. Fed continuously.","feed_url":"https://feed.craftedsignal.io/tags/smishing/","home_page_url":"https://feed.craftedsignal.io/","items":[{"_cs_actors":[],"_cs_cpes":[],"_cs_cves":[],"_cs_exploited":false,"_cs_has_poc":false,"_cs_poc_references":[],"_cs_products":[],"_cs_severities":["medium"],"_cs_tags":["smishing","fraud","social-engineering"],"_cs_type":"advisory","_cs_vendors":["Bitdefender"],"content_html":"\u003cp\u003eSince December 2025, a large-scale smishing campaign has been targeting drivers across 12 countries. This operation, dubbed \u0026ldquo;Operation Road Trap\u0026rdquo; by Bitdefender Labs, involves sending fraudulent text messages to mobile users. The messages impersonate transport authorities, toll operators, and parking services. The campaign remains active as of April 2026, with researchers tracking the operation and observing the distribution of over 79,000 fraudulent messages. This poses a significant threat to individuals who may be tricked into divulging personal or financial information.\u003c/p\u003e\n\u003ch2 id=\"attack-chain\"\u003eAttack Chain\u003c/h2\u003e\n\u003col\u003e\n\u003cli\u003eThe attacker identifies potential victims, likely targeting drivers in specific regions based on publicly available information or purchased lists.\u003c/li\u003e\n\u003cli\u003eThe attacker crafts a fraudulent text message impersonating a transport authority, toll operator, or parking service. The message typically contains a link to a malicious website.\u003c/li\u003e\n\u003cli\u003eThe attacker sends the smishing message to the victim\u0026rsquo;s mobile phone via SMS.\u003c/li\u003e\n\u003cli\u003eThe victim receives the message and, believing it to be legitimate, clicks on the embedded link.\u003c/li\u003e\n\u003cli\u003eThe link redirects the victim to a fake website that mimics the official website of the impersonated organization.\u003c/li\u003e\n\u003cli\u003eThe website prompts the victim to enter personal information such as their name, address, phone number, credit card details, or banking credentials.\u003c/li\u003e\n\u003cli\u003eThe victim unknowingly enters their sensitive information on the fraudulent website, which is then captured by the attacker.\u003c/li\u003e\n\u003cli\u003eThe attacker uses the stolen information for financial fraud, identity theft, or other malicious purposes.\u003c/li\u003e\n\u003c/ol\u003e\n\u003ch2 id=\"impact\"\u003eImpact\u003c/h2\u003e\n\u003cp\u003eThis smishing campaign, active since December 2025 and still ongoing in April 2026, has affected over 79,000 individuals across 12 countries. Victims who fall for the scam risk having their personal and financial information stolen, potentially leading to financial losses, identity theft, and other forms of fraud. The broad scope of the campaign suggests a significant operational capacity on the part of the attackers.\u003c/p\u003e\n\u003ch2 id=\"recommendation\"\u003eRecommendation\u003c/h2\u003e\n\u003cul\u003e\n\u003cli\u003eDeploy the Sigma rule for SMS keyword detection to identify potentially malicious text messages based on keywords such as \u0026ldquo;toll,\u0026rdquo; \u0026ldquo;parking,\u0026rdquo; or \u0026ldquo;overdue\u0026rdquo; referencing \u003ccode\u003erules/sms_keyword_detection\u003c/code\u003e.\u003c/li\u003e\n\u003cli\u003eMonitor web traffic for connections to newly registered domains that are similar to legitimate toll or parking services. Block known malicious domains at the DNS resolver.\u003c/li\u003e\n\u003cli\u003eEducate users about smishing tactics and advise them to be cautious of unsolicited text messages requesting personal information.\u003c/li\u003e\n\u003c/ul\u003e\n","date_modified":"2026-04-29T12:55:10Z","date_published":"2026-04-29T12:55:10Z","id":"/briefs/2026-04-operation-road-trap/","summary":"A smishing campaign has been active since December 2025, targeting drivers in 12 countries with fraudulent text messages impersonating transport authorities, toll operators, and parking services, resulting in over 79,000 fraudulent messages sent as of April 2026.","title":"Large-Scale Smishing Campaign Impersonating Transport Authorities","url":"https://feed.craftedsignal.io/briefs/2026-04-operation-road-trap/"}],"language":"en","title":"CraftedSignal Threat Feed — Smishing","version":"https://jsonfeed.org/version/1.1"}