Not that long ago, I received a text message from the Illinois Tollway Authority stating I had an unpaid toll. At first, I thought it might be possible, since I do travel through Chicago on occasion to see family elsewhere in the Midwest and have an E-ZPass on my windshield.
The text said “according to their records,” I had an outstanding toll charge with a link to pay the balance and avoid a late fee. For good measure, they placed a “Pursuant to Illinois Code” notice with a string of numbers, letters, and dashes that looked legally legitimate.
If you’ve received a message like this, you’re probably the target of a smishing campaign. A combo of SMS (text messaging) and phishing, smishing is where scammers send fraudulent texts to trick you into clicking a malicious link. The goal is to access your personal data, get your account passwords, and ultimately, steal your money.
In my specific instance, there is no such thing as the Illinois Tollway Authority (it’s just the Illinois Tollway). It was also lacking the “Reply Stop” and “Message and Data Rates May Apply” disclaimers that are usually associated with third-party text messages.
To date, the FBI’s Internet Crime Complaint Center has already received thousands of complaints about these fraudulent tollway messages, which use identical language to trick drivers into handing over their financial data.
Red flags to look for
Scammers use clever tactics
Scammers use a spray-and-pray method, sending thousands of these texts to random people regardless of their travel history. Here are some signs you are being targeted:
- Small Debt: They usually claim you owe a small but believable amount, which might be as low as a few dollars. These false figures are meant to resemble actual toll road rates.
- Large Late Fee: Different from the small amount you supposedly owe the tollway, the message mentions a much larger late fee, sometimes in the hundreds, to create a sense of urgency.
- International Senders: Many of these texts originate from random 10-digit numbers or international area codes (like +63) rather than the verified five- or six-digit codes used by legitimate agencies.
The image below shows a recent correspondence sent to one of my colleagues here at How-To Geek. It’s the most elaborate example we have seen yet. Notice the inclusion of a QR code in the bottom left-hand corner, which was immediately suspect.
Look at the URL
Something will be odd about them
Scammers register new domains that appear official but are actually designed to steal your information. If you have received a message claiming you owe an unpaid toll, and it has one of these URLs (or one of a similar style), it’s a scam:
- myturnpiketollservices.com
- sunpass-service-pay.com
- ezpass-tolls-notice.com-payment
- fastrak-bill-pay.net
- tollroad-invoice-services.org
The most overlooked way to stop spam calls on Android and iPhone
The answer to a good chunk of the most annoying calls you get might actually be lying in a forgotten tool.
How official agencies communicate
Look for real short codes
Legitimate tolling authorities have strict protocols for collecting unpaid balances. Here is what the major agencies say:
- E-ZPass: Almost always sends unpaid toll notices via physical mail to the address where your vehicle is registered. They do not send random texts asking for immediate payment.
- SunPass: Florida’s toll agency advises that legitimate text alerts only come from its official short code (786727). They will never require payment via a link in a text message.
- FasTrak: California’s FasTrak explicitly states that they do not request payment by text with a link to a website.
What to do if you receive a suspicious message
If you have one of these texts on your phone right now, here is the best course of action:
- Do Not Click: Clicking the link can lead to a site designed to steal your credit card data or install malware on your device. Forward the text to 7726 (which spells “SPAM”) to help your carrier block the sender.
- Verify Independently: If you’re genuinely worried you owe money, open your web browser and manually type in the official agency’s website to check your account status.
- File a Report: Help law enforcement shut these scams down by reporting the message to the FBI’s Internet Crime Complaint Center. Be sure to include the phone number the text came from and the URL inside the message.
Source: Read Full Article
