Nationwide Alert: SMS phishing attacks target toll road customers
The Federal Bureau of Investigation has issued a critical warning about a pervasive scam sweeping across the country. Americans are being targeted by a sophisticated series of SMS phishing—or “smishing”—attacks that bait them with fictitious unpaid road toll charges.
Scam text
A surge of fraudulent activity
The smishing scheme has been active since last month, duping thousands of people, as reported by victims to federal authorities. The FBI’s Internet Crime Complaint Center has documented a significant influx of over 2,000 complaints detailing deceptive texts that impersonate road toll services from various states.
MORE: IS THE FTC CALLING YOU? PROBABLY NOT. HERE’S HOW TO AVOID A NEW PHONE SCAM TARGETING YOU
Mechanism of the road toll scam
Investigations reveal that these messages are uniform in their deception, falsely asserting that the recipient is delinquent on road toll payments. These communications aim to manipulate individuals into clicking on links that are ingeniously designed to mimic legitimate state toll service websites, complete with fluctuating phone numbers to elude detection.
MORE: THE DARK WORLD OF FACEBOOK ADS WHERE SCAMMERS ARE TRYING TO STEAL YOUR MONEY
Regional responses to the threat
The Pennsylvania Turnpike has been at the forefront of the afflicted services, proactively advising its customers to avoid interacting with these fraudulent messages. Similarly, the Pennsylvania State Police have expressed their concern, highlighting that the scam texts redirect to counterfeit websites designed to steal personal data.
Scam text
Expanding the watch
Regional services are not the only ones affected. Residents across various parts of the U.S. have been under threat since the onset of these attacks, which seem to target toll service customers. While this detail is not directly mentioned in the FBI’s public service announcement, secondary sources tracking the issue have confirmed it.
MORE: THE ‘UNSUBSCRIBE’ EMAIL SCAM IS TARGETING AMERICANS
Guidance if you receive a toll scam text message
The FBI has recommended several preventive measures in light of the ongoing phishing attacks.
1) Report the phishing attempt at www.ic3.gov with the scammer’s contact details and the website URL from the message.
2) Verify your toll account through the official service website.
3) Reach out to the official customer service for the toll service.
4) Erase the fraudulent text message from your device.
5) Use good antivirus protection on all devices to reduce risks. The best way to protect yourself from clicking malicious links that install malware that may get access to your private information is to have antivirus protection installed on all your devices. This can also alert you of any phishing emails or ransomware scams.
TotalAV is easy to set up and offers real-time protection for paid users, keeping your devices safe around the clock. It includes tools to block phishing scams, remove ransomware and spyware, and clean up adware and junk files. The software also features a browser manager, system tune-up tools, and protects across Windows, Mac, Android, and iOS devices.
GET MY EXCLUSIVE CYBERGUY TOTALAV DEAL:
Please note:
1) If you're having difficulty seeing either of the above deals, do this:
- If you're on a mobile device, hold down the link above, "Copy Link", and then paste it into a private or incognito browser.
- If you're on a laptop or desktop, right click the link, "Copy Link", and then paste it into a private or incognito browser.
2) During registration you may see optional upsells you can decline. Our top pick is the core antivirus product.
3) If you need help after your purchase, you can reach TotalAV directly through their official support page here.
6) Consider a personal data removal service: Scammers often use stolen or publicly available personal information – like your name, phone number, or home address—to make phishing messages feel more convincing. A data removal service helps by regularly scanning and deleting your personal details from the dozens (or even hundreds) of data broker sites that collect and sell this info. The less exposed your information is, the harder it is for scammers to target you.
Incogni, a service I trust 100% and use myself, helps automate the process by submitting removal requests to hundreds of data brokers and people-search sites on your behalf.
Incogni automatically contacts data brokers on your behalf and requests the removal of your personal information. It also continues monitoring those sites and submits new removal requests if your data reappears.
- Incogni currently removes personal data from 420+ data broker and people-search websites, and its Unlimited plan allows you to request removals from as many additional sites as you need.
- Incogni has also received third-party assurance from Deloitte, validating its marketing claims.
- The goal is simple: make it much harder for strangers, scammers, and cybercriminals to find your personal information online.
CyberGuy readers get 60% off Incogni’s annual plans using the links in this article.
The service also includes a 30-day money-back guarantee, so you can try it risk-free and see how much of your information is exposed online.
Is your personal information exposed online?
Run a free scan to see if your personal info is compromised. Results arrive by email in about an hour.
If you click one of these toll scam links
For individuals who have engaged in these phishing attempts, it is crucial to take immediate action to secure personal and financial information. The FBI stresses the importance of monitoring for unfamiliar charges and disputing them promptly to mitigate any potential financial harm.
Kurt’s key takeaways
As the threat landscape evolves, staying informed about these scams is paramount. By following the FBI’s advisories and maintaining a high level of skepticism toward unsolicited texts claiming to be from toll services, you can safeguard against these invasive phishing tactics. It’s really important that we all work together to spot and call out scams. By doing this, we’re joining forces to protect people from cybercriminals who try to trick them.
What role should mobile carriers and tech companies play in combating smishing scams, and how can they improve their current measures? Let us know in the comments below.
FOR MORE OF MY TECH TIPS & SECURITY ALERTS, SUBSCRIBE TO MY FREE CYBERGUY REPORT NEWSLETTER HERE