Intel Name: Over 10k domains registered for smishing impersonating toll and package delivery services
Date of Scan: March 10, 2025
Impact: High
Summary: A threat actor has registered over 10,000 domains with the “com-” prefix for SMS phishing (smishing) scams. These domains impersonate toll and package delivery services across 10 U.S. states (CA, FL, IL, KS, MA, PA, NJ, NY, TX, VA) and Ontario, Canada. The smishing campaign aims to steal personal and financial information by tricking victims through cleverly crafted domain names. Over 70% of the domains use the same two name servers, with 93% of the IPs resolving to AS13335 (Cloudflare). We are actively tracking and blocking this campaign, dubbed “com_smishing.”
