Fake toll road texts sweep America as Chinese scammers target US drivers

A new scam has been uncovered that is targeting residents across the United States with text messages pretending to be from toll road operators. This scam is not only deceptive but also potentially costly for those who fall victim to it. The scam starts with individuals receiving a message claiming that they have unpaid tolls and may face fines. Scammers then request card details and a one-time password sent via SMS to steal their money. Security researchers suspect that Chinese smishing groups are behind this scam, selling SMS-based phishing kits to numerous scammers.

According to a report by KrebsOnSecurity, the scam begins with a text message purporting to be from a toll road operator, such as E-ZPass or SunPass. The message warns recipients about unpaid tolls and potential fines, pressuring them to act swiftly. Victims are directed to a fake website that mimics the toll operator’s site, where they are prompted to provide sensitive information like payment card details and one-time passwords.

These phishing attacks have been reported across the U.S., targeting users of toll systems like EZDriveMA in Massachusetts, SunPass in Florida, and the North Texas Toll Authority in Texas. Similar scams have surfaced in states such as California, Colorado, Connecticut, Minnesota, and Washington. The phishing pages are optimized for mobile devices and will not load on non-mobile devices, making them even more deceptive.

Phishing scams are evolving, with scammers using sophisticated SMS phishing kits like “Lighthouse” to create realistic-looking messages from toll road operators in multiple states. These kits are designed to trick users into divulging financial information, which is then used for fraudulent activities. The phishing sites are operated dynamically in real-time by criminals, making them harder to detect and shut down.

To protect yourself from falling victim to toll scam messages, it is crucial to stay vigilant and follow these steps:

1. Verify directly with toll operators: Avoid clicking on any links in messages about unpaid tolls or fines. Instead, visit the official website of the toll operator or contact their customer service directly to verify the claim.
2. Install strong antivirus software: Protect your devices with robust antivirus software to safeguard against malicious links, phishing emails, and ransomware scams.
3. Avoid sharing personal information: Refrain from providing sensitive details like payment card information, Social Security numbers, or one-time passwords via text or unverified websites.
4. Enable two-factor authentication (2FA): Use 2FA for your accounts to add an extra layer of protection and reduce the risk of unauthorized access.
5. Be cautious of urgency in messages: Scammers often create a sense of urgency to prompt immediate action. Take the time to verify the legitimacy of messages through official channels.
6. Report suspicious messages: If you suspect a phishing attempt, report it to the Federal Trade Commission or the FBI’s Internet Crime Complaint Center. Inform your mobile carrier to help block similar scams.
7. Use a personal data removal service: Employ a reputable data removal service to minimize your online footprint and reduce the risk of scammers obtaining your personal information.

As scams become more sophisticated, it is essential to stay informed and take proactive measures to protect yourself from falling victim to fraudulent schemes. By following these steps and staying vigilant, you can safeguard your personal information and financial assets from scammers looking to exploit unsuspecting individuals.