Operation Road Trap: Inside the 79,000-Message Smishing Wave Hitting Drivers Worldwide

Security researchers at Bitdefender Labs have uncovered a massive, ongoing “smishing” (SMS phishing) operation that called Operation Road Trap, has successfully delivered tens of thousands of fraudulent messages to mobile users worldwide. The campaign, which has been active since at least December 2025, impersonates transport authorities and parking services to trick drivers into handing over their financial data.

So far, the researchers have detected over 79,000 fraudulent messages spread across 40 distinct scam campaigns. These messages have reached users in a dozen countries, including the US, Canada, Australia, the UK, and France.

The scammers rely on high-pressure tactics, often sending alerts about unpaid tolls or parking tickets that require immediate attention. To increase the sense of urgency, the messages frequently mention a specific “35% late fee” if the payment isn’t made through the provided link.

According to the report, the infrastructure behind the attack is highly organized: “Its infrastructure is characterized by rapid domain generation, sender-ID spoofing, and multiple evasion techniques targeting mobile operating systems”.

By spoofing sender IDs, the messages can appear in the same thread as legitimate alerts from official agencies, making them incredibly difficult to spot.

While the lures are convincing, Bitdefender Labs identified several consistent “red flags” that users should look for:

• The “Reply Y” Trap: Many scams ask the user to reply “Y” before they can even open the link.
• Domain Mismatch: The sender may appear official, but the actual URL in the message does not match the legitimate agency’s domain.
• Unusual Links: Scammers often use shortened or slightly misspelled URLs to hide their true destination.
• Requests for Personal Info: Legitimate authorities rarely request sensitive banking or card details via an unsolicited text message.

The scale of these attacks is part of a worrying global trend. The report highlights that “consumers lost $470 million to text-based scams in 2024, a fivefold increase compared to 2020”. In the US alone, the FBI recorded nearly 60,000 complaints specifically related to toll scams in a single year.

As these campaigns continue through April 2026, Bitdefender Labs urges drivers to pause and think before clicking. “Legitimate authorities rarely request payments through unsolicited text messages with embedded links”. The best defense is to ignore the text and check for any outstanding fines through an official government app or website directly.