Unpaid Toll Texts: Scam Alert!

Widespread Smishing Scam Targets Drivers

Are you receiving suspicious text messages about unpaid tolls? You’re not alone. A nationwide scam is circulating, attempting to deceive people into paying for phantom toll violations. These messages often threaten excessive penalties or suspended vehicle registrations if the small “past due” amount isn’t immediately paid. Federal authorities, including the FBI, the Federal Communications Commission, and the Federal Trade Commission, are actively investigating these increasing attacks.

How the Scam Works

This scam, known as smishing (phishing via SMS), isn’t entirely new. The FBI’s Internet Crime Complaint Center has been tracking similar scams since March 2024. This new iteration uses unpaid toll violations as bait, similar to previous scams involving missed package deliveries. Cybercriminals exploit the personal and time-sensitive nature of text messages, combined with the relatively small amounts requested, to obtain credit card information.

Aidan Holland, a security researcher at Censys, explains, “They don’t care about the seven bucks. They want your credit card number. It’s just a low-dollar amount that most people will either pay without thinking or not give it a double take.”

The Source and Spread

Threat researchers have traced the origins of the infrastructure and phishing kits used in this scam to China. According to Renée Burton, VP of threat intelligence at Infoblox, “It’s the same folks who are doing all sorts of text-based scams.” The scammers use tens of thousands of URLs and consistently register new domains to keep the scam spreading.

These malicious sites often mimic legitimate toll road collection subdomains but use uncommon top-level domains typically associated with cybercrime. Palo Alto Networks’ Unit 42 identified common subdomains used in these URLs, including “ezdrive,” “e-zpass,” “fastrak,” and others. Legitimate toll road collection domains are themselves inconsistent, which makes the fakes harder to tell apart and contributes to the scam’s success.
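The pattern described above can be checked mechanically. The following is an added example, not code from Unit 42 or from this article: it flags hosts in a text message that carry one of the toll keywords named above but do not sit under an allowlisted official domain. The allowlist, the sample messages and all function names are constructed for illustration.

```python
import re

# Lure keywords named in the article; "e-zpass" is covered by stripping
# hyphens from the host before matching.
TOLL_KEYWORDS = ("ezdrive", "ezpass", "fastrak")

# Assumption: constructed placeholder allowlist. Replace with the domains
# your own toll agencies actually publish.
OFFICIAL_DOMAINS = {"tolls.example.gov", "fastrak.example.org"}

# Hostnames with or without a scheme; lure texts often omit "https://".
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def is_official(host):
    # Suffix match on a label boundary: an official name that appears only
    # as a leading subdomain of some other domain does not count.
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)

def matched_keywords(host):
    squashed = host.replace("-", "")
    return [k for k in TOLL_KEYWORDS if k in squashed]

def flag_sms(text):
    """Return (host, keywords) for each toll-themed host outside the allowlist."""
    findings = []
    for host in HOST_RE.findall(text):
        host = host.lower()
        hits = matched_keywords(host)
        if hits and not is_official(host):
            findings.append((host, hits))
    return findings

# Constructed sample messages (reserved .example names, not real indicators).
SAMPLES = [
    "E-ZPass: your toll of $6.99 is past due. Pay at "
    "https://e-zpass.com-tollbill.example/pay to avoid late fees",
    "Your FasTrak statement is ready: https://fastrak.example.org/account",
    "Final notice, settle now: fastrak.example.org.pay-toll.example/x",
    "Lunch menu is at cafe.example/today",
]

if __name__ == "__main__":
    for msg in SAMPLES:
        print(flag_sms(msg) or "no toll-themed lookalike host", "<-", msg[:40])
```

The third sample shows why the allowlist comparison has to be a suffix match rather than a substring search: the official name appears in full inside the host, but only as a prefix of a different domain.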

Technical Details and Mitigation

Holland discovered a massive number of malicious URLs linked to the scam earlier this month. Unit 42 found thousands of registered domains for smishing services posing as toll services, many hosted on networks owned by China-based firms. While efforts to take these domains offline are ongoing, the cybercriminals can quickly register many more.

Most malicious texts are delivered via iMessage from email accounts registered to burner phones with SIM cards based in the United Kingdom and the Philippines. Cybercriminals are also deploying tactics to circumvent wireless network-based spam controls. As these tactics evolve, collaboration between wireless providers, messaging platforms, and law enforcement is crucial.

Protect Yourself: Tips to Avoid Becoming a Victim

The FBI, FCC, and FTC advise the following:

  • Exercise caution and avoid clicking links in unexpected texts.
  • File complaints with the appropriate authorities.
  • Delete suspicious messages immediately.
  • Report unwanted texts as spam and block the sender’s number.
  • Forward the message to 7726 (which spells “SPAM” on a phone keypad) to report it to your wireless provider.

Stay Vigilant

Whether it’s toll roads, package notifications, or other everyday scenarios, these social engineering attacks persist because they work. To avoid falling victim, always practice vigilance and treat messages from unknown senders with skepticism.

Chester Wisniewski, director and global field chief technology officer at Sophos, advises, “These scams are somewhat easy to spot as fraud if you’re paying attention. Remain vigilant for non-U.S. country codes and look for unusual top-level domains.”
