SMS phishing campaign targets Australia & New Zealand
Thu, 30th Apr 2026
Bitdefender has identified a large SMS phishing campaign targeting consumers in Australia and New Zealand. It uses fake toll and traffic fine messages that imitate trusted transport operators and government agencies.
The cyber security company tracked more than 79,000 fraudulent text messages, at least 29,200 unique message variants and more than 31,900 malicious URLs across over 40 coordinated campaigns. The activity has been running since December 2025 and remained active in April 2026.
Australia has emerged as one of the main targets, with attackers impersonating Linkt, the toll operator used across New South Wales, Victoria and Queensland. Many of the messages use sender ID spoofing, making a text appear to come from "Linkt" and, in some cases, placing it inside an existing message thread on a recipient's phone.
That approach is designed to make a message look familiar rather than suspicious. More than 2,200 shortened URLs were used in the Australian strand of the campaign to conceal malicious destinations and direct users to payment pages designed to capture card details and other personal information.
In New Zealand, the campaign uses a different set of names and institutions. Scammers were found to be impersonating New Zealand Police and the Ministry of Justice, using government-themed domains and language that reflects official enforcement procedures.
The activity in New Zealand has been concentrated in Auckland, Wellington and Canterbury. The localisation of the messages, domains and payment requests suggests attackers are adapting their methods to match the habits and expectations of users in each market.
How it works
Across both countries, the scam follows a familiar pattern. Recipients get a text claiming they have an unpaid toll, overdue parking fee or outstanding traffic fine, along with a warning that penalties, extra charges or legal consequences will follow unless the issue is resolved quickly.
Those deadlines usually range from 24 to 72 hours. The urgency is meant to pressure people into acting before checking whether the demand is genuine.
Victims who follow the links are taken to websites that mimic official payment portals. In some cases, they are then asked to install applications that can give attackers deeper access to a mobile device.
Some of the more advanced variants include prompts telling users to reply "Y" before opening a link. That extra step appears intended to lower scepticism and increase the chances that a recipient will keep engaging with the scam.
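The pattern described above can be turned into a simple triage heuristic for reported texts. The following is an added example, not Bitdefender's detection logic: it scores a message on the lure, the deadline, the reply-first prompt, shortened links and a mismatch between the claimed organisation and the link's host. The domain allow-list, shortener host, weights, threshold and sample messages are all constructed placeholders.

```python
import re

# Signals drawn from the campaign pattern described above; word lists are illustrative.
PATTERNS = {
    "lure": re.compile(r"\b(?:toll|parking fee|traffic fine|fine)\b", re.I),
    "urgency": re.compile(r"\b\d{1,3}\s*(?:hours?|hrs?)\b|penalt|legal action|extra charge", re.I),
    "reply_first": re.compile(r"\breply\s+[\"'“]?y\b", re.I),
}
HOST = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)

# Hypothetical placeholders: a real allow-list would hold each organisation's own domains.
OFFICIAL = {"linkt": {"linkt.example"}, "police": {"police.example"}}
SHORTENERS = {"short.example"}  # hypothetical URL-shortener host
WEIGHTS = {"lure": 1, "urgency": 1, "reply_first": 2, "shortener": 1, "brand_mismatch": 3}
THRESHOLD = 4  # assumed cut-off for flagging a message


def on_domain(host, domains):
    """True only for the domain itself or a real subdomain, not a lookalike prefix."""
    return any(host == d or host.endswith("." + d) for d in domains)


def score_sms(sender, body):
    """Return (score, reasons). The sender name is untrusted because it can be spoofed."""
    reasons = [name for name, rx in PATTERNS.items() if rx.search(body)]
    hosts = [h.lower() for h in HOST.findall(body)]
    if any(on_domain(h, SHORTENERS) for h in hosts):
        reasons.append("shortener")
    claimed = [b for b in OFFICIAL if b in f"{sender} {body}".lower()]
    # A claimed brand plus a link that is not on that brand's domain is the strongest signal.
    if any(not on_domain(h, OFFICIAL[b]) for b in claimed for h in hosts):
        reasons.append("brand_mismatch")
    return sum(WEIGHTS[r] for r in reasons), reasons


# Constructed sample messages (not taken from the campaign data).
SAMPLES = [
    ("Linkt", 'Linkt: You have an unpaid toll. Pay within 24 hours to avoid penalties. '
              'Reply "Y" then open https://short.example/a1b2'),
    ("Linkt", "Your Linkt statement is ready at https://account.linkt.example/statements"),
    ("NZ Police", "Outstanding traffic fine. Pay in 48 hours or face legal action: "
                  "http://police.example.fines-pay.test/nz"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        score, reasons = score_sms(sender, body)
        print("SUSPICIOUS" if score >= THRESHOLD else "ok", score, reasons)
```

The second sample shows why the sender name alone decides nothing: the same "Linkt" sender scores zero when the link sits on the allow-listed domain, while the third sample is flagged even though its host begins with the official name.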
Local adaptation
The wider campaign spans more than a dozen countries, but Australia and New Zealand stand out for the level of localisation involved. In Australia, widespread digital tolling and strong trust in transport-related notifications give attackers a recognisable template to imitate.
In New Zealand, the use of police and justice branding gives the scam a stronger enforcement theme. In both markets, the result is a message that looks less like a generic phishing attempt and more like a routine administrative notice.
No single threat group has been identified. The campaign reflects a broader shift in cybercrime towards scams that are more personalised, geographically tailored and focused on direct financial theft.
Rather than relying on mass, generic wording, operators are adjusting language, institutions and visual presentation to fit local systems. That can make the messages harder to spot, especially on mobile screens where users tend to make quick decisions.
Consumer risk
The immediate risk for victims is financial loss through stolen card details, but the exposure can extend further. Personal information entered into fake forms can be used for later fraud, while a malicious app installation can open a path to longer-term device compromise.
Because many of the messages appear to come from known organisations, the usual warning signs of scam texts may be less obvious. A message shown under a recognised sender name or in a pre-existing text conversation may carry more credibility than one sent from an unfamiliar number.
Bitdefender urged consumers not to click links in unsolicited messages and instead verify any toll, fine or fee directly through an official app or website. It also warned users to be cautious of urgent or threatening language, avoid downloading apps from unknown sources and never share sensitive financial or personal data in response to SMS requests.
Users should be especially wary of messages that ask them to take an unusual step before opening a link or making a payment, such as replying first to confirm the message. Such techniques are being used as part of the fraud process to increase interaction rates.
The campaign remains active, with tens of thousands of messages and a large pool of domains and URLs already identified across multiple countries.