In recent months, cybercriminals have expanded the scope of highway toll text scams, targeting drivers across multiple states with malicious SMS messages demanding payment for fictitious charges. These scams have become increasingly sophisticated, posing a significant threat to both individuals and businesses. This article delves into the details of these scams, how they operate, and what you can do to protect yourself.

The Rise of Highway Toll Text Scams

Researchers at cybersecurity firm Symantec have been tracking electronic toll collection scams across states like Illinois, Florida, North Carolina, and Washington. They have noted a startling increase in the number of scam messages received by residents¹. Millions of Americans use state electronic toll collection systems, which notify them via text when they have unpaid charges. Scammers have taken advantage of this system by sending fake text messages that appear to be from state authorities, directing recipients to a fraudulent payment website.

How the Scams Work

The scam messages typically contain a link to a fake payment website designed to look like a legitimate government platform. These websites often include features like CAPTCHAs to appear more credible. Once victims enter their personal and financial information, the scammers can siphon off this data for malicious purposes².

Symantec researchers have found that the perpetrators of these scams are diverse, ranging from organized cybercrime groups to individual hackers looking for a quick payout. They use spoofed state government websites and send urgent-sounding text messages to trick victims into paying quickly³.

The Impact on Victims

The primary motive behind these scams is to collect quick payments, but many scammers also gather large amounts of personal data for other criminal activities. For instance, Recorded Future News reported that researchers found almost 30 phishing websites spoofing the electronic toll collection service E-ZPass⁴. The FBI has also received over 2,000 reports of smishing texts impersonating road toll collection services since early March⁵.

Why These Scams Are Effective

The sense of urgency created by these scam messages is a powerful tool for cybercriminals. People are more likely to respond quickly out of fear of service disruptions or fines for unpaid tolls. One text message highlighted by Symantec stated: “Our records indicate that your vehicle has used the FasTrak Express Lane. To avoid additional charges of $55.90, please settle your balance of $5.59 at hxxps[:]//tollbayareafastrak[.]com”⁶.

Geographic Targeting and Evasion Tactics

Some scammers limit access to their malicious sites to mobile browsers and specific geolocations to evade detection and prolong the lifespan of their scams. This makes it more challenging for authorities to track and shut down these fraudulent websites⁷.

The Broader Implications

The tolls being spoofed are key financial mechanisms that states use to maintain and develop the country’s extensive network of highways, roads, bridges, and tunnels. The state electronic toll collection market reached $3.1 billion in 2023, according to IMARC. The disruption caused by these scams can have significant financial implications for state infrastructure projects.

What You Can Do to Protect Yourself

1. Verify the Source: If you receive a text message about unpaid tolls, do not click on any links. Instead, contact the tolling agency directly using a phone number or website you know is legitimate.
2. Report Suspicious Messages: Use your phone’s “report junk” option to report unwanted texts to your messaging app or forward them to 7726 (SPAM).
3. Stay Informed: Keep up-to-date with the latest scam alerts from reliable sources like the FBI and your state’s tolling agency.
4. Educate Others: Share information about these scams with friends and family to help them avoid becoming victims.

Government and Industry Response

Symantec has suggested that state governments continue public awareness campaigns to prevent people from falling for these scams. They also urge states to coordinate with federal agencies to identify threat actors and share effective countermeasures.

International Reach

While these attacks are increasing in the U.S., other countries such as Australia, Canada, and Japan have also been affected. This highlights the global nature of cybercrime and the need for international cooperation in combating these threats.

Conclusion

Highway toll text scams are a growing threat that requires vigilance and proactive measures to combat. By staying informed and taking steps to verify the legitimacy of any toll-related messages, you can protect yourself from falling victim to these scams. Remember, if something seems suspicious, it’s always better to err on the side of caution.

Additional Resources

For further reading and to stay updated on the latest developments, you can explore the following resources:

• FTC Consumer Alert on Toll Scams⁶
• AARP Article on Toll Road Text Scams⁵
• Symantec’s Research on Toll Scams¹

By staying informed and cautious, you can help protect yourself and others from falling victim to these increasingly sophisticated scams.

¹: Symantec’s Research on Toll Scams ²: FTC Consumer Alert on Toll Scams ³: AARP Article on Toll Road Text Scams ⁴: Recorded Future News on E-ZPass Phishing ⁵: FBI Alert on Smishing Texts ⁶: Symantec’s Example of Scam Text ⁷: Symantec’s Research on Geolocation Targeting : IMARC Report on Toll Collection Market : Symantec’s Recommendations for Government Response : International Impact of Toll Scams