If you’ve ever used a toll road, you might be at risk of falling for a widespread scam that’s making the rounds globally. The FBI has issued warnings about a smishing (SMS phishing) attack where cybercriminals impersonate toll agencies to steal financial information.
How the Scam Works
Scammers send text messages that look like legitimate toll payment alerts, often claiming you have an outstanding balance that must be paid immediately to avoid fines or license suspension. These texts contain links to fake payment portals, tricking unsuspecting victims into entering their credit card details.
This happened to me recently. I received a message claiming that my Fast Track toll needed payment to avoid a fine, directing me to an “ExpressPay” link. While I had used a toll pass once on a road trip, I knew that ExpressPay wasn’t a service I used. That raised a red flag, and I quickly realized it was a scam.
Unfortunately, many people have fallen for this scheme, unknowingly handing over their banking details to criminals who then drain accounts or use stolen information to create digital wallets for fraudulent transactions.
Why This Scam is So Effective
This scam is a clever example of social engineering. Toll roads are everywhere, and many have transitioned to automatic billing systems, eliminating cash payments. Scammers take advantage of this widespread usage, sending mass messages to potential victims. Even if only a small percentage fall for it, the impact is significant.
Additionally, hackers are becoming more sophisticated. They no longer need to steal large sums from individual victims—they can take small amounts from thousands of people without raising immediate suspicion.
How to Protect Yourself
Here are some essential steps to avoid falling victim to toll scams and other phishing attacks:
-
Never Click Links in Unexpected Texts
-
If you receive a toll payment request via text, do not click any links. Instead, visit the official website of your toll service provider by typing the URL directly into your browser.
-
Verify the Source
-
If you’re unsure about a toll charge, log in to your toll account independently or contact the agency directly using their official customer service number.
-
Be Cautious of Unknown Senders
-
Toll agencies typically do not send payment requests via random text messages. Be skeptical of messages from unfamiliar numbers.
-
Check for Phishing Indicators
-
Look for misspellings, unusual URLs, or generic greetings in messages. Scammers often use subtle errors that give them away.
-
Use Two-Factor Authentication Safely
-
If a service sends you a verification code, remember that legitimate messages will not contain clickable links. You should enter codes manually on the appropriate website.
-
Monitor Your Accounts Regularly
-
Check your bank statements and toll account for unauthorized transactions. If anything seems off, report it immediately.
-
Report Suspicious Messages
-
If you receive a scam text, file a complaint with the Internet Crime Complaint Center (ic3.gov) and report the phone number and website used. Deleting the message and blocking the sender can also help prevent further scams.
-
Update Your Passwords and Use a Password Manager
-
If you accidentally click a suspicious link and enter any information, change your password immediately. Using a password manager can help generate and store secure passwords.
FEATURED IN PODCAST EPISODE 13