FBI Warns of Nationwide Smishing Scam Targeting Unpaid Toll Fees

WASHINGTON, D.C. — A nationwide scam targeting smartphone users with fake notifications of unpaid toll road fees has prompted warnings from federal authorities, including the FBI and the Federal Trade Commission (FTC). These deceptive text messages demand immediate payments for non-existent violations and threaten severe consequences if ignored.

The scam has been active since at least March 2024, with authorities linking it to a broader trend of smishing—phishing attempts conducted via SMS. Victims typically receive messages claiming they owe money for tolls, often under $25, and are coerced into revealing sensitive personal and financial information.

“They don’t care about the seven bucks. They want your credit card number,” said Aidan Holland, a security researcher at Censys. “It’s just a low-dollar amount that most people will either pay without thinking or not give it a double take.”

The fraudulent messages often resemble communications from legitimate toll collection agencies, making them more convincing. The FBI has reported an alarming rise in such attacks, and low amounts used in the messages create a façade of urgency, luring victims to comply.

According to Holland, threat researchers have identified around 57,000 malicious URLs linked to this toll road scam. Many of these URLs include known toll collection names but feature uncommon top-level domains often associated with cybercrime. “There’s just so many different variants,” he added. “It leaves room for confusion, and that room for confusion is being taken advantage of.”

The cybercriminals behind the scheme mainly operate from China, utilizing extensive infrastructures and phishing kits for their attacks. As reported by Palo Alto Networks‘ Unit 42, over 10,000 domains were registered for services impersonating toll collection agencies across various states.

“If we get a thousand domains taken down, they can register 40,000 tomorrow,” noted Renée Burton, VP of threat intelligence at Infoblox. This rapid domain registration further complicates efforts to combat the scam.

Most of the smishing messages are sent via platforms like iMessage or through email-linked burner phones, which are cheaper than regular phone numbers. By using these methods, scammers can bypass conventional spam controls enforced by wireless carriers.

“As bad actors evolve their tactics from targeting traditional text platforms to focusing more on over-the-top internet-based platforms like iMessage and RCS, wireless providers, others in the messaging ecosystem, and law enforcement need to partner to combat these tactics,” said a CTIA spokesperson.

Researchers have flagged the toll road text scam as increasingly prevalent, with reports originating from at least a dozen U.S. states and one Canadian province. Individuals receiving these messages are advised to exercise caution, avoid clicking on links, and report suspicious activity.

In light of these warnings, the FBI and FTC recommend users to file complaints and delete any suspicious messages. Users are also encouraged to report unwanted texts as spam and to block the sender’s number. “These scams are somewhat easy to spot as fraud if you’re paying attention,” stated Chester Wisniewski, director and global field chief technology officer at Sophos.

The ongoing rise in social engineering attacks underscores the need for vigilance among smartphone users. Authorities continue their efforts to monitor and dismantle these malicious schemes, but users are urged to remain cautious regarding any unknown or unsolicited messages.