In recent months, cybercriminals have intensified their efforts in exploiting drivers through highway toll text scams, which are now affecting individuals across multiple states. These malicious SMS messages demand payment for fictitious toll charges, deceiving recipients into believing they owe money for using state electronic toll systems.
Cybersecurity experts from Symantec have been closely monitoring these scams, noting a significant rise in the number of fraudulent messages received by residents in states such as Illinois, Florida, North Carolina, and Washington. Millions of Americans are registered with their state’s electronic toll collection systems, which notify them via text message when they have unpaid tolls. However, scammers are taking advantage of this system by sending fake messages that mimic official state communications. These messages include links to fraudulent payment websites designed to steal personal and financial information.
“With the growing reliance on electronic toll systems, which millions of drivers use daily, the potential impact on both individuals and businesses is substantial,” a Symantec researcher stated. The researcher emphasized the importance of raising awareness about these scams to help users recognize and avoid them before falling victim.
The perpetrators behind these scams are diverse, ranging from organized cybercrime groups to individual hackers seeking a quick financial gain. Like many other scams, these fraudsters often create websites that closely resemble legitimate state government platforms, complete with features like CAPTCHAs to enhance their authenticity. Additionally, Symantec noted that some scammers restrict access to their malicious sites to mobile browsers and specific geographic locations, making it more difficult for authorities to detect and shut down their operations.
While the primary goal of these scams is to extort quick payments, many of them are also likely gathering extensive amounts of personal data for use in other criminal activities. Symantec highlighted the urgency and fear these messages can provoke, driving recipients to pay without verifying the legitimacy of the charges. An example provided by Symantec reads: “Our records indicate that your vehicle has used the FasTrak Express Lane. To avoid additional charges of $55.90, please settle your balance of $5.59 at hxxps[:]//tollbayareafastrak[.]com.”
The FBI has also been alerted to this growing threat. Since March, its Internet Crime Complaint Center (IC3) has received over 2,000 reports of smishing texts impersonating road toll collection services. States like Pennsylvania have repeatedly warned their residents about these scams, urging anyone who clicks on a fraudulent link to contact the FBI immediately.
The electronic toll collection systems being spoofed are critical financial tools used by states to maintain and develop the country’s vast network of highways, roads, bridges, and tunnels. In 2023, the market for state electronic toll collection reached an estimated $3.1 billion. The fear of service disruptions or fines for unpaid tolls has become a powerful weapon for cybercriminals, who exploit this anxiety to prompt quick, unverified payments.
Symantec has called for continued public awareness campaigns to combat these scams and urged state governments to collaborate with federal agencies in identifying and neutralizing the threat actors behind them. While these attacks are on the rise in the United States, they have also been reported in other countries, including Australia, Canada, and Japan.
The message is clear: Drivers need to be vigilant and skeptical of any unsolicited messages demanding payment for tolls. Taking the time to verify the authenticity of these communications can prevent becoming the next victim of this widespread scam.
Sponsored • TRJ Ads
Inquiries: contact@therealistjuggernaut.com
