Global Smishing Campaign Targets Drivers with Fake Traffic Fines

Severity: High (Score: 69.5)

Sources: Bitdefender, Escudodigital

Summary

Bitdefender Labs has identified a widespread smishing campaign affecting drivers in at least 12 countries, including the United States, Canada, Australia, and the United Kingdom. Between December 2025 and April 2026, over 79,000 fraudulent SMS messages and 31,900 malicious URLs were detected, with up to 40 distinct active campaigns. The messages impersonate transport authorities and toll operators, claiming unpaid fines or tolls, and create a sense of urgency with threats of legal action or additional fees. Victims are directed to fraudulent websites where they may be prompted to enter sensitive personal and banking information or download malware. The campaign is characterized by its use of multiple languages and sophisticated techniques to evade detection. Despite the scale and coordination of these attacks, no specific threat actor has been identified. Bitdefender recommends vigilance and caution when receiving such messages. Key Points: • Over 79,000 fraudulent SMS messages detected in a global smishing campaign. • Attackers impersonate transport authorities to create urgency and extract sensitive data. • No specific threat actor has been identified, but the campaign is highly coordinated.

Key Entities

• Malware (attack_type)
• Phishing (attack_type)
• Operation Road Trap (campaign)
• Australia (country)
• Brazil (country)
• Canada (country)
• Colombia (country)
• France (country)
• guichet.lu (domain)
• Government (industry)
• T1041 - Exfiltration Over C2 Channel (mitre_attack)
• T1071 - Application Layer Protocol (mitre_attack)
• T1566.002 - Spearphishing Link (mitre_attack)
• Android (platform)
• IOS (platform)
• Firebase (platform)
• GitHub (platform)
• Telegram (platform)