Drivers and non-drivers alike across the nation are being targeted by scammers impersonating toll road operators, putting victims at risk of having their personal and financial information stolen.
The schemes have prompted warnings from transportation authorities, law enforcement, and consumer protection agencies.
According to the agency, the scams are aimed at obtaining personal information such as credit card details, user names, and passwords. The agency encouraged anyone who has received such a message to report it to the FBI’s Internet Crime Complaint Center.
The fraudulent texts usually will tell victims they owe a relatively small amount for unpaid tolls.
An example provided by the FBI reads: “(State Toll Service Name): We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.”
The agency said the language is nearly identical across complaints and the “outstanding toll amount” is similar, with the only difference being the state’s toll service name and phone numbers.
Security researchers have traced the uptick in these scams back to criminal groups.
Ford Merrill, who works in security research at SecAlliance, told Krebs on Security that at least one Chinese cybercriminal group has been selling advanced SMS phishing kits and offering new phishing pages to impersonate toll operators.
Merrill explained that these groups are rotating from package redelivery schemes to toll road scams.
“What we’re seeing with these tolls scams is just a continuation of the Chinese smishing groups rotating from package redelivery schemes to toll road scams,” Merrill said. “Every one of us by now is sick and tired of receiving these package smishing attacks, so now it’s a new twist on an existing scam.”
