Researchers warn of text scams that send drivers fake bills for highway tolls


Cybercriminals have expanded the scope of so-called highway toll text scams in recent months, targeting people across multiple states with malicious SMS messages demanding payment for fictitious charges.

Researchers at cybersecurity firm Symantec have been tracking electronic toll collection scams across Illinois, Florida, North Carolina and Washington — noting the startling increase in messages received by residents. 

Millions of Americans have signed up for their state electronic toll collection system, which texts you when you have unpaid charges to cover. Scammers now send text messages pretending to be state authorities, providing a link to a fake payment website that allows them to siphon critical personal information as well as financial data. 

“With the growing reliance on electronic toll systems, which millions of drivers use daily, the potential impact on both individuals and businesses is substantial,” a Symantec researcher told Recorded Future News. “Highlighting this issue now is crucial to raising awareness and helping users recognize and avoid these threats before they become victims.”

The researchers said those behind the scams are diverse, ranging from organized cybercrime groups to individual hackers looking for a quick payout. 

Like other scams, they typically use an array of spoofed state government websites and send text messages that sound urgent, attempting to trick victims into paying quickly.

Examples of highway toll text scams with website links that resemble legitimate toll portals. Image: Jonathan Greig

Some of the fake websites are made to look like real government platforms, even having CAPTCHAs to make them seem more legitimate. 

Symantec noted that some of the scammers limit access to their malicious sites to mobile browsers and specific geolocations, aiming to evade detection and prolong the lifespan of their scams.

Quick payments are the primary motive of the schemes but many are also likely collecting large amounts of personal data for other criminal activities, Symantec said. 

Recorded Future News previously reported on researchers finding almost 30 phishing websites spoofing the electronic toll collection service E-ZPass.

The FBI said in an alert that since early March its Internet Crime Complaint Center (IC3) has received over 2,000 reports of smishing texts impersonating road toll collection services.

Pennsylvania has repeatedly warned its residents of the scams and urged victims to contact the FBI if they clicked on a link erroneously.

The tolls being spoofed are key financial mechanisms states use to maintain and develop the country’s extensive network of highways, roads, bridges and tunnels.

Estimates show the state electronic toll collection market reached $3.1 billion in 2023, according to IMARC.

The sense of urgency people feel in paying off bills — especially ones ostensibly coming from the government — has become a powerful tool for cybercriminals. 

Users are more likely to quickly respond out of fear of service disruptions or fines that may come with not paying tolls. One text message highlighted by Symantec states: “Our records indicate that your vehicle has used the FasTrak Express Lane. To avoid additional charges of $55.90, please settle your balance of $5.59 at hxxps[:]//tollbayareafastrak[.]com”

Symantec suggested state governments continue public awareness campaigns about the scams to prevent people from making payments.

They also urged states to coordinate with federal agencies on identifying threat actors and sharing effective countermeasures.

Symantec researchers noted that while these attacks are increasing in the U.S., other countries such as Australia, Canada and Japan have also been affected.


Jonathan Greig is a Breaking News Reporter at Recorded Future News. Jonathan has worked across the globe as a journalist since 2014. Before moving back to New York City, he worked for news outlets in South Africa, Jordan and Cambodia. He previously covered cybersecurity at ZDNet and TechRepublic.

 
