Everyone seems to be receiving text messages alerting them of unpaid toll road violations, typically amounting to less than $25, accompanied by harsh penalties, threats of registration suspension, and warnings of reporting to state motor vehicle agencies. However, these messages are part of a scam that is currently widespread across mobile phones nationwide. Federal authorities such as the FBI, the Federal Trade Commission, and the Federal Communications Commission are actively investigating this scam, which relies on social engineering tactics that are becoming more prevalent and spreading geographically.
The scam, which involves fake road toll collection text messages, has been reported to the FBI’s Internet Crime Complaint Center since March 2024. While the concept of phishing over SMS or text messages, known as smishing, is not new, the use of toll road violations as a theme in these attacks is a recent development. Cybercriminals are taking advantage of the personal and urgent nature of text messages, coupled with the small amount of money requested, to trick individuals into divulging their credit card information.
The scammers behind this toll road scam are believed to be familiar cybercriminals, with the infrastructure and phishing kits originating from China. By employing tens of thousands of URLs and constantly registering new domains, they are able to sustain the spread of this fraudulent campaign. The malicious sites associated with these attacks often mimic legitimate toll road collection subdomains but utilize uncommon top-level domains that are typically associated with cybercrime.
Security researchers have identified over 57,000 malicious URLs linked to this scam, demonstrating the scale of the operation. While efforts are being made to take down these domains, the cybercriminals behind the scam are agile and can register new domains at a rapid pace. The majority of the malicious texts are sent via iMessage from email accounts linked to burner phones with SIM cards from the United Kingdom and the Philippines, indicating a global operation.
The toll road text scam is not limited to Apple devices, as similar fraudulent messages have been observed on Android-based phones as well. Cybercriminals are utilizing tactics to circumvent wireless network-based spam controls, focusing on internet-based platforms like iMessage and the RCS protocol. As a result, wireless providers and law enforcement agencies are urged to collaborate to combat these evolving tactics.
The FBI, FCC, and FTC have advised users to exercise caution, avoid clicking on links in unexpected texts, file complaints, and report spam messages. Individuals are advised to remain vigilant and treat messages from unknown senders with skepticism to avoid falling victim to such scams. By being aware of the signs of fraud, such as non-U.S. country codes and unusual top-level domains, individuals can protect themselves from falling prey to social engineering attacks.