Unpaid Toll Text? FBI Warns It’s Likely a Smishing Scam

Received a text message claiming you owe money for unpaid road tolls? You’re far from alone, and you should be highly suspicious.

In an alert issued by the FBI’s Internet Crime Complaint Center (IC3), the agency warns Americans about a widespread SMS phishing, or “smishing,” campaign targeting drivers nationwide.

It’s a scam that has generated thousands of complaints and appears to be moving from state to state, highlighting the need for increased vigilance against text messaging-based fraud.

How the Road Toll Smishing Scam Works

Attackers start this scam by sending an unsolicited text message, which often states you have an “outstanding toll amount” that’s usually a relatively small sum (up to around $25).

To add pressure, the text message typically threatens a significant late fee or other penalty if the alleged toll isn’t paid immediately. The core of the scam is a clickable link included in the text message.

Not surprisingly, the link does not lead to a legitimate state toll authority’s website. Instead, it directs victims to a fraudulent website meticulously designed to mimic the real toll service (like E-ZPass). Scammers have registered thousands of these fake domains.

On the fake site, victims might be asked to ‘verify’ their identity by entering personal information like name, address, and driver’s license number. It also aims to capture financial details such as credit card numbers or bank account information. See, the small toll fee is just bait; the real goal is stealing credentials and financial data for broader identity theft or fraud.

Why This Smishing Scam is Spreading

Cybercriminals understand that text messages feel personal and often command immediate attention, so combining this with a common annoyance like road tolls creates a believable scenario for many drivers.

The small dollar amount requested can make victims less cautious, thinking it’s easier to just pay the ‘fee’ than investigate. In addition, the scam often uses local-sounding toll agency names, even targeting people in states without toll roads, catching travelers off guard.

Attackers are also taking advantage of AI phishing for this SMS text messaging scam. Generative AI allows smishing to be automated and reach large numbers of potential victims in moments.

What to Do If You Receive an Unpaid Toll Text Message

Here are some tips if you receive a text message saying you owe an unpaid road toll:

• Do Not Click the Link: Never click on links in unsolicited or suspicious text messages.
• Do Not Respond: Replying confirms your number is active, so even texting “STOP” might be ignored or used against you.
• Verify Independently: Contact the toll agency directly using their official website or customer service number found through a trusted source, not the information in the text message. In addition, most agencies primarily use mail for billing communications.
• Report the Scam: File a complaint with the FBI’s Internet Crime Complaint Center, and report fraud to the Federal Trade Commission (FTC).
• Report as Spam: Forward the unwanted text message to 7726 (SPAM), which helps your wireless carrier identify and block fraudulent text messages. iOS and Android also provide built-in reporting features within their messaging apps.
• Delete the Text Message: Once reported, delete the text message from your device.

But what if you did click or respond? Notify your banks and credit card companies about the potential compromise, and monitor your accounts closely for any unauthorized charges.

You’ll also want to change passwords for any online accounts associated with the information you provided, and enable multi-factor authentication (MFA) wherever possible.

It’s also recommended that you consider identity theft protection and take the necessary steps if you believe your identity has been compromised.

How to Stay Protected from Road Toll Scams

As a nationwide scam, this smishing attack highlights the constant need for security awareness, not just for email-based phishing but for text message-based threats as well. Key protective measures start with a mindset shift.

Cultivating a healthy dose of skepticism is your first line of defense. Treat any unsolicited text message asking for money or personal details with caution, no matter how official it seems.

Always take a moment to verify requests independently before clicking links or sharing data, and contact the organization through an official channel you know is legitimate, not one provided in the suspicious text message.

Part of that verification involves knowing what to look for. Know how to recognize the common red flags of smishing, from being wary of urgent demands to requests for sensitive information from unfamiliar phone numbers.

Staying informed is critical, too. Keep up with current scam tactics through official alerts from agencies like the FBI, and participate in security awareness training to sharpen threat recognition skills.

By staying informed and cautious, you’ll significantly reduce the risk of falling victim to smishing scams like the fake road toll campaign sweeping the nation right now.