If you see these two words in a message on your mobile phone, delete it immediately
One of users' biggest fears is falling prey to criminals who use tricks and innovative methods to deceive and scam users through mobile devices. This concern stems from the speed with which these criminals operate secretly, evading detection.
In this context, digital platforms, messaging apps, and other similar media have become prime targets for cybercriminals. However, recently, a new type of fraud has emerged that could put personal data and bank accounts at risk.
The Federal Bureau of Investigation (FBI) has issued tips for detecting phishing SMS messages targeting Android and iPhone users. The messages appear to be at risk, according to an investigation that revealed a "massive expansion of phishing campaigns" since early 2025, using more than 60,000 different web domains.
Many fraudulent messages include a lure, such as a supposedly outstanding fine or a missed payment, accompanied by a link urging you to resolve the issue immediately. These texts often mimic official communications from well-known brands or government agencies, and the links are carefully crafted to match the motive of the scam. It is common for the URL to be long and contain keywords that enhance the message's credibility.
However, cybercriminals use techniques to make links appear legitimate by incorporating words that visually deceive the user. According to a recent report by SpamHaus, which identified the 20 most commonly used words in fake link scams, the link ending with "com-track" stands out as a risk indicator. This strategy allows attackers to duplicate links from the brand's original domain, adding "-track" to the end, thus skillfully concealing the malicious link.
Added to the above is the use of com-toll, a new variant that cybercriminals have begun to use more frequently. Similar to com-track, this ending is added after the original domain to make the fraudulent link more difficult to identify.
Expert advice is clear: If you see one of these endings, com-track or com-toll, in a link, it's best to delete the message immediately and, most importantly, avoid clicking on any links. These scams are becoming increasingly sophisticated and represent one of the most prevalent threats today.