If you receive a text message claiming you owe money for unpaid road tolls, beware – it’s likely a scam. The Federal Bureau of Investigation (FBI) has issued a warning about a prolific new smishing campaign that has already impacted thousands of Americans. Since early March 2024, the FBI’s Internet Crime Complaint Center (IC3) has received over 2,000 reports of these smishing texts representing road toll collection services across at least three different states. And the scam appears to be spreading, with the FBI stating that the complaint information indicates the scam is moving from state to state.
What is this Smishing Scam All About?
Smishing is a form of phishing that uses text messages (SMS) to trick victims into revealing sensitive information or taking harmful actions. The term “smishing” combines “SMS” (short message service, or text messaging) and “phishing”, since it uses text messages to exploit human trust and manipulate victims, similar to how phishing attacks use fraudulent emails.
In this scam, victims receive a text message that looks like it’s from their state’s road toll collection service. The message claims the recipient owes a certain amount, such as $12.51, for unpaid tolls. To avoid a late fee, typically $50, the message urges the recipient to visit a website – for example, “https://myturnpiketollservices.com” – to pay the balance.
However, the website link is completely fake and is designed to impersonate the legitimate toll collection service. The phone numbers used to send the messages also appear to change between different states, making it harder for victims to identify the scam. The language used in these messages is similar across the thousands of complaints received by the FBI. All of them include a message about an “outstanding toll amount” and the threat of a late fee to pressure victims into taking action.
Why Are Scammers Using Unpaid Toll Fees as Bait?
Scammers are using road toll fees as the lure for this smishing campaign because it’s a believable message that many people would take seriously and causes them to take immediate action. After all, we all know that failing to pay road tolls can result in fines and fees, so the threat of an outstanding balance feels like it could be true. Additionally, paying tolls is a common part of daily life for many drivers, especially those in urban or suburban areas. So, the idea of receiving a notification about an unpaid toll doesn’t immediately raise suspicions the same way an out-of-the-blue request for money might. Scammers are banking on the fact that most people would rather quickly resolve an outstanding toll balance than risk incurring additional fees. This emotional response plays right into the scammers’ hands, encouraging victims to click the link without verifying its legitimacy first.
What Should You Do if You Receive These Scam Texts?
If you receive a text message claiming you owe money for unpaid road tolls, here’s what the FBI recommends:
- File a complaint with the IC3 at www.ic3.gov. Be sure to include the phone number the text came from and the website listed in the message.
- Check your account using the toll service’s legitimate website. Don’t click the link provided in the text message.
- Contact the toll service’s customer service number directly to inquire about your account status.
- Delete the smishing text you received.
- If you did click the link or provide any information, take steps to secure your personal and financial accounts. Monitor for any unfamiliar charges and dispute them immediately.
The key is to verify the legitimacy of the message through official channels, rather than clicking the link provided by the scammers. Toll services have their own processes for notifying customers about unpaid fees, and they won’t demand immediate payment via a shady website link.
Who is Being Targeted?
While the FBI’s warning didn’t specify which state toll services have been impacted, we know the Pennsylvania Turnpike has been targeted by these scammers since they have directly warned customers about the scam, stating: “Some customers have received phishing-attempt text messages claiming to be from the PA Turnpike’s toll services. If you receive such a text, providing you with a link to pay an outstanding toll, do not click on the link, and delete the text.”
The Pennsylvania State Police also issued a warning, saying: “BE AWARE: We have received multiple concerns regarding the attached scam text message in our area. This link will send you to a fake Turnpike website and collect your information!”
Beyond Pennsylvania, the FBI indicates the scam has already hit at least two other states. And given the nature of these types of scams, it’s likely only a matter of time before it spreads to other regions as well. It’s worth noting that the scammers aren’t just targeting state-specific toll services. The FBI is also aware that the E-ZPass toll collection system, which is used across Eastern, Midwestern, and Southern United States, has also been a target of these attacks since March.
Smishing Attacks are on the Rise
This latest toll fee scam is just the latest example of a growing trend of smishing attacks targeting mobile users. We’ve also seen a huge number of smishing scams about an upcoming or missed delivery, directing them to a website to get information about a package they might miss – which is particularly effective around the holidays when many people are expecting packages.
Smishing, which uses text messages instead of email, has become an increasingly popular tactic for cybercriminals. Compared to traditional phishing attacks delivered via email, smishing messages often seem more urgent and believable since they’re arriving directly on your phone. A recent report from a cybersecurity firm found a record number of mobile phishing attacks in 2023, with roughly half of all mobile phone owners worldwide exposed to an attack every quarter.
Additionally, people tend to let their guard down when receiving a text message, assuming it’s from a trusted source. This makes them more likely to click a malicious link or provide sensitive information without verifying the source first. Scammers favor smishing because it’s relatively easy for them to spoof legitimate phone numbers and impersonate trusted organizations. With a few technical tricks, they can make it appear as though the message is coming from an official toll road service.
How to Protect Yourself from Smishing Scams
To avoid becoming a victim to smishing scams or other mobile phishing attacks, it’s important to be skeptical toward any unsolicited text messages, even if they look like they are from a legitimate business or government agency.
Here are some tips to help you spot and avoid smishing scams:
- Never click on links or call phone numbers provided in unexpected text messages. Instead, contact the organization directly using their official website or customer service number.
- Scammers know people are increasingly nervous about clicking links and are including phone numbers to call. Look up the organization online and only contact them via an official phone number, not the phone number texted to you.
- Beware of messages that create a sense of urgency or threaten negative consequences if you don’t take immediate action. Scammers use this tactic to pressure victims.
- Watch out for generic greetings like “Dear customer” rather than using your name. Scammers often cast a wide net with these types of messages.
- Follow these tips to keep your cell phone secure, including keeping your phone’s software up-to-date to help detect and block malicious links and attachments.
By being a little skeptical, taking a second to research and verify the source of the suspicious message, you can help protect yourself from becoming a victim of this latest smishing scam and others like it.