Commuting from one place to another isn’t just time-consuming but can also feel heavy on your pocket. No, this is not about the rising prices of gasoline. In a serious turn of events, a new and alarming type of smishing incident has been sweeping across all the states of the USA.
Basically, the threat actors have been running an SMS phishing campaign all over the United States. The smishing campaign convinces commuters about unpaid tolls. The ultimate goal of the phishing actors is to access the credentials of naive people and make some quick money.
The FBI or Federal Bureau of Investigation has been looking into the matter and has warned people against such SMS frauds. Also, FBI is quite confident that this toll scam has affected other countries in different parts of the world. They have even mentioned this in detail in their public service announcement.
When and How Did This Start In The US?
The unpaid toll scam started back in March 2024 in the USA. So far, almost 2000 scams have been reported across the states.
The threat actors send out an SMS saying, “We’ve noticed an outstanding toll amount of $12.51 on your record.” It further goes on to say, “To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.”
The text can be exactly like this, with a few variations in tonality, amount, toll service provider’s name, and so on. The scammers make the SMS look credible enough by imitating the toll collection service providers in the USA.
Why Does Unpaid Toll Scam Seem So Convincing?
SMS phishing has never disappointed threat actors. It has always been effective in robbing innocent people’s hard earned money. Similar is the case with the latest unpaid toll scam as well!
FBI’s warning further hints at the possibility that the smishing incident might escalate in the future.
Image sourced from thesecuritybuddy.com
People are easily falling prey to the unpaid toll scam because of this old-school SMS phishing tactic. Different toll service names and phone numbers used in the text messages further add to their authenticity.
The malicious link keeps changing everytime. It redirects the victims to legitmate-looking toll service websites. Then they are asked to make the payment and to enter their credentials. Once the victims type in the required information, all the data gets collected by the threat actors.
Which States Are Facing Imminent Smishing Threat?
FBI is acting tight-lipped when asked about the specific states under a smishing attack. However, social media is replete with posts related to unpaid toll scams in Pennsylvania. One of the toll services in the state, The Pennsylvania Turnpike, has uploaded warning posts on the social media platform X with the ultimate aim of spreading awareness. They have urged commuters to stay aware of such fraudulent text messages and to report them to relevant authorities.
The post sheds light on how some people have received malicious text messages pretending to be The Pennsylvania Turnpike and trying to collect personal details. The toll service company has urged people not to click on any such unpaid toll link and delete the SMS at the earliest.
X users further traced the unpaid toll scam back to Australia. Back in 2022 and 2023, the entire Australia was affected by a similar SMS phishing scam where commuters were being sent unpaid toll text messages. An X user tweeted about an SMS phishing text where the threat actors sent out text messages by imitating the identity of City Link- a Melbourne-based toll service provider.
One year down the line, another X user based in WA or Western Australia tweeted about a somewhat similar scam. He mentioned getting multiple unpaid toll text messages. But he immediately knew that it was a scam. This is because WA doesn’t have any tolls on their roads.
How To File A Complaint If An Unpaid Toll SMS Ends Up In Your Inbox!
The FBI has sent out a crystal clear message against the cybercriminals. They want the US citizens to act vigilantly and report against the threat actors every time they or their acquaintances receive a fraudulent smishing message.
Here’s how you can do so:
- Visit the official website of IC3 (www.ic3.gov).
- Mention the phone number from which you received the unpaid toll text message.
- Visit the legitimate website of the toll service provider.
- Note down the customer care number of the toll service provider.
- Call them and explain everything about the SMS you have received.
- Then, delete the fraudulent text message from your phone.
- Avoid clicking on the malicious link attached to the SMS at all costs
Modern Technology- A Double-Edged Sword!
Technology is supposed to make our lives simpler and better. And it has done so to such a great extent. However, cybercriminals too, have been in the race to leverage advanced technology. And that’s why more and more people should be aware about the different types of cybercrimes happening around them.
The sudden surge of unpaid toll phishing scams in the US and the ripples it has caused across the FBI departments is a testament to the fact that threat actors have once again bypassed security services to access sensitive details of users.
The classic SMS phishing emphasizes the significance of phishing awareness training campaigns and digital literacy. And the worst part about such cybercrimes is that they take place on a global scale and affect a HUGE chunk of society.
So, if you are a commuter who travels daily from home to work and vice versa, then you need to pull up your socks now! Only your awareness can prevent them from breaking into your bank.
Even if you are a regular offender and have outstanding toll fees, you also need to check the status by connecting with the official toll service providers. If you click on the malicious link by mistake, immediately change all the passwords and usernames, and report the incident at IC3 at the earliest, while staying vigilant with phishing protection measures.