FBI Warns of Toll Smishing Scam

FBI Warns of Toll Smishing Scam <span class="bsf-rt-reading-time"><span class="bsf-rt-display-label" prefix="Reading Time"></span> <span class="bsf-rt-display-time" reading_time="2"></span> <span class="bsf-rt-display-postfix" postfix="mins"></span></span><!-- .bsf-rt-reading-time -->

The FBI's Internet Crime Complaint Center (IC3) has issued an alert regarding a smishing scam impersonating road toll services. Smishing, a form of phishing that uses text messages to deceive recipients into providing personal information or clicking on malicious links, is a growing threat as more people rely on their mobile devices for communication and transactions. 

Since early March 2024, IC3 has received over 2,000 complaints about smishing texts that claim the recipient owes money for unpaid tolls. These texts, which have been reported in at least three states, contain almost identical language and claim an outstanding toll amount. The texts also threaten a late fee if the balance is not settled. The text will include a fraudulent website meant to spoof the domain of the state’s toll service.

Direct iT took a look at the domains bought by threat actors as reported by Palo Alto Networks and found multiple meant to impersonate E-Z Drive MA and E-Z Pass NY, as well as DHL, USPS, and FedEx.

According to the FBI, the scam appears to be moving from state to state, with the phone numbers provided in the texts changing. Several recommendations are provided for individuals who receive these texts.

First, they should file a complaint with the IC3, including the phone number from which the text originated and the website listed within the text.

Second, they should check their account using the legitimate toll service's website and contact the toll service's customer service phone number.

Last, they should delete any smishing texts received and take steps to secure their personal information and financial accounts if they clicked any link or provided their information.

For business owners, the threat of smishing scams can be particularly concerning. These scams exploit the urgency and fear of owing money, prompting recipients to click on the fraudulent link and provide their personal information. This information can then be used by cybercriminals to commit identity theft, financial fraud, and other malicious activities.

To protect their businesses, owners should educate their employees about the dangers of smishing and implement policies to verify the legitimacy of any unsolicited texts demanding payment or personal information. Employees should be trained to recognize the signs of smishing and to report any suspicious texts to the appropriate authorities.

Individuals should always verify the legitimacy of the sender and the website before clicking on any links or providing any information. It is also crucial to keep personal information secure and monitor financial accounts for any suspicious activity.