Warnings Issued as Fake Toll Violation Texts Spread Nationwide

WASHINGTON, D.C. — The FBI is alerting smartphone users across the United States about a growing scam in which users receive fraudulent text messages stating they owe money for unpaid toll charges.

Since March 2024, more than 2,000 complaints related to these messages have been filed with the FBI’s Internet Crime Complaint Center (IC3). Scammers are impersonating local toll service providers, claiming victims owe small amounts, typically under $25, and threatening them with penalties if they do not pay immediately.

The messages often contain links that, when clicked, lead to websites designed to harvest personal and financial information. For instance, a typical message might read: “[State Toll Service Name]: We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit [fraudulent website link] to settle your balance.”

“These scammers know that people are more likely to act quickly when they feel a panic about unauthorized charges,” said Aidan Holland, a security researcher at Censys. “They don’t care about the small amounts, they want your credit card information.”

Authorities have confirmed that the infrastructure behind these scams is predominantly traced to cybercriminals operating from China. Renée Burton, a vice president of threat intelligence at Infoblox, noted that these groups have been using the same frameworks for various types of smishing attacks.

According to Holland, the scammers have registered tens of thousands of URLs that closely mimic legitimate toll collection websites. Palo Alto Networks‘ Unit 42 reported discovering over 10,000 newly registered domains used to perpetrate these scams.

New domains can surge almost overnight, complicating efforts to shut them down. “If we get a thousand domains taken down, they can register 40,000 tomorrow,” Burton explained.

Malicious texts are often sent via iMessage from email accounts linked to disposable phone numbers based in the United Kingdom and the Philippines. This tactic is believed to provide a cheaper alternative for scammers than traditional SMS. The attacks aren’t limited to Apple devices; Android users have also reported being targeted.

Federal regulators, including the FCC and FTC, advise users to ignore unexpected texts, avoid clicking on any links, and report suspicious messages to their mobile carriers. Victims are urged to file complaints with the IC3 and verify toll charges directly through official channels.

“Legitimate toll agencies will not ask for payments via text. If you receive such a message, delete it immediately,” a spokesperson for the FBI advised.

Cybersecurity firm McAfee identified top targets in major U.S. cities, noting that these scams have been reported in Virginia, Maryland, Indiana, North Carolina, Georgia, and Ohio. The firm shares that 19.2 billion spam texts were sent in February alone, marking a significant rise in smishing attacks.

Experts like Chester Wisniewski, director at Sophos, stress the importance of vigilance when handling texts from unknown senders. “Remain skeptical of any communication that demands immediate action,” he urged.