It looks like SMS scammers are at it again, and this time the whole thing has gotten bigger, nastier, and more organized.

Over the past year, a massive wave of fake text messages has been circulating in the US (and internationally), pretending to be about unpaid tolls, missed package deliveries, or government programs. You click the link, enter your card details thinking you’re paying a small fee, and—bam—the scammers have your info. Some people have ended up losing thousands of dollars.

Security researchers from Mnemonic, working with Norwegian reporters, investigated the matter and discovered a scam software called Magic Cat, operated by a 24-year-old Chinese national who went by “Darcula.” This individual was selling the tool to hundreds of clients, enabling them to run their SMS phishing campaigns. After they got exposed, Darcula vanished… but the scam didn’t.

Instead, a new group emerged, calling itself Magic Mouse. And apparently, they’re running things on an even bigger scale—stealing something like 650,000 credit card numbers every month. They’ve been spotted on Telegram showing off videos of dozens of phones blasting out mass scam texts and photos of payment terminals ready to use stolen card data.

They take the card numbers, load them into mobile wallets, make fraudulent payments, and then launder the money through various accounts. A significant portion of their success stems from using the same phishing kits as Magic Cat—sites that closely resemble prominent tech companies, delivery services, or other trusted brands.

The frustrating part? Law enforcement appears to focus primarily on individual fraud cases rather than attempting to shut down the operation as a whole. Meanwhile, security experts say that tech companies and banks need to take more serious measures to prevent stolen cards from being used so easily.

For now, the best advice remains the boring but true one: if you receive an unsolicited text asking you to click a link or pay for something, ignore it. These scams are evolving rapidly, and the safest course of action is not to engage at all.

If anyone’s seen a spike in these kinds of texts lately, it would be interesting to hear what kinds of “stories” they’re using now.

Yeah, I’ve been seeing a lot of these lately, especially the “unpaid toll” and “package delivery” ones.
Some of them are so convincing now that even the URL looks almost legit—just a single letter off from the real site.

One thing I’ve started doing is never clicking on links in texts, even if they look legitimate.
If it’s about a toll, I’ll go to the official toll website manually.
If it’s about a delivery, I’ll check the official courier app or tracking page.
The same applies to anything claiming to be from my bank—I’ll log in directly from the official site or app.

Also worth noting, these scammers are becoming increasingly sophisticated in their timing.
I’ve seen a lot of texts come in right after I’ve ordered something online, so it feels like it could be related.
That’s a huge red flag—they’re just playing the odds.

The best advice I can give is to treat every unexpected payment request as suspicious until you verify it independently.

The moment you click, you’re already halfway into their trap.