![\"IMG_3408\"](\"https:\/\/i0.wp.com\/ddi.mohflo.net\/wp-content\/uploads\/2025\/04\/toll-scams-are-whats-happen-xin-right-now.png?resize=640%2C1385&ssl=1\")
<\/p>\nHave you ever received an odd text message on your phone, purporting to be from a toll provider or package delivery service? If you have a U.S. cell phone, chances are you\u2019ve encountered one of these SMiShing attempts\u2014cybercriminals\u2019 latest ploy to trick you into giving up your personal and financial details. SMiShing (a portmanteau of SMS and phishing) relies on victims clicking deceptive links that appear legitimate but actually lead to malicious websites.<\/p>\n
<\/p>\n
<\/p>\n
In one recently observed scam, users received text messages about unpaid toll fees with a link that seemed to be connected to a well-known site, such as e-zpass.com<\/span>. Closer inspection, however, revealed the URL actually belonged to something like e-zpass.com-emzwsefybawjadl[.]xin<\/span>, a completely different top level domain (.xin<\/span>) rather than a more legitimate .com<\/span>. The .xin<\/span> TLD was initially introduced as a \u201ctrust-centric\u201d top-level domain, but in practice, many .xin<\/span> domains are being used for criminal activities. ThreatSTOP found more than 7,000 suspicious .xin<\/span> domains designed to mimic toll service providers like E-ZPass and FasTrak, among others, amongst the 43,000+ domains active in the TLD.<\/p>\n You may have not heard of .xin until recently. According to ICANN wiki<\/a>:<\/span><\/p>\n “The intention of Elegant Leader Limited (\u201cElegant\u201d) in filing this gTLD<\/a> application is to establish a trusted and reliable namespace in China and in the world. This offers an opportunity for large companies, SMEs, and individuals that are willing to demonstrate themselves as a trusted and reliable entity on the Internet. To fulfill this mission, Elegant expects to align with top-notch registry operator, Afilias Ltd., experienced ICANN accredited registrar, HiChina Zhicheng Technology Ltd., relevant verification and validation agents, and other reputable 3rd-party service providers and neutral associations, to join force and to build a trust-centric .XIN gTLD<\/a>.<\/p>\n Unlike existing TLDs<\/a> which may have legacy rules that make some of the registrants data unverified, .XIN aims to verify and validate registrant information at the very beginning of the launch of the TLD<\/a>, and will do so at an on-going basis. By doing so, .XIN gTLD<\/a> can strengthen the Internet marketplace in China and in the world with elevated level of trust and reliability for both registrants and users.<\/p>\n<\/blockquote>\n But .xin<\/span> is far from the only culprit. These malicious campaigns also exploit TLDs such as .top<\/span>, .vip<\/span>, .win<\/span>, .cc<\/span>, and others, often impersonating known brands and entities like USPS, FedEx, or local transportation authorities. (e.g., fedex.com-gsjb[.]xin<\/span>, usps-verification[.]xin<\/span>, usps.com.tools-packagmur[.]xin<\/span> or <\/span>mndot-etzwau.xin<\/span>).<\/p>\n How SMiShing Tricks You<\/strong><\/p>\n Proactive Ways to Stay Protected<\/strong><\/p>\n The best defense against SMiShing is caution:<\/p>\n ThreatSTOP\u2019s Proactive Protections<\/strong><\/p>\n ThreatSTOP\u2019s solutions are designed to help organizations and individuals connect with customers, disconnect from risks<\/strong><\/span>. Our ThreatSTOP Security, Intelligence, and Research team<\/strong><\/span> continuously creates threat protections for command and control, invalid traffic, peer-to-peer communication, data exfiltration, phishing, spam, Distributed Denial of Service (DDoS), and more.<\/p>\n Protective DNS<\/span> \u2022 On-Prem<\/strong><\/a>: For those running their own DNS infrastructure on-premises, ThreatSTOP\u2019s DNS Defense seamlessly integrates with your existing DNS servers. Our threat intelligence feed ensures your network proactively blocks suspicious domains, helping stop SMiShing attacks in their tracks.<\/p>\n Whether it\u2019s a phishing domain from a lesser-known gTLD or a bulletproof hosting service hidden in plain sight, ThreatSTOP\u2019s integrated platform helps keep your environment safe from evolving threats.<\/p>\n Take the Next Step to Strengthen Your Security<\/strong><\/p>\n For those interested in joining the ThreatSTOP family, or to learn more about our proactive protections for all environments, we invite you to visit our\u202fproduct page<\/a>. Discover how our solutions can make a significant difference in your digital security landscape. We have\u202fpricing\u202ffor all sizes of customers! Get started with a Demo today!<\/p>\n Connect with Customers, Disconnect from Risks<\/strong><\/p>\n\n
\n
<\/span><\/li>\n<\/ol>\n\n
\n
<\/span>\u2022 <\/span>Cloud<\/strong><\/span><\/a>: Experience continuous, cloud-based DNS protection without the hassle of deploying or managing your own DNS infrastructure. By redirecting your DNS queries through our intelligence-backed servers, you gain proactive blocking of known malicious domains\u2014like those found in SMiShing attempts\u2014before they can cause any damage.<\/p>\n
\n