An alarming rise in phishing attacks targeting toll payment systems such as E-ZPass is currently unfolding. Recipients have reported receiving numerous fraudulent SMS and iMessage texts that aim to deceive individuals into divulging sensitive personal and financial information.
The phishing messages contain links that redirect unsuspecting victims to imitation websites masquerading as legitimate toll agency portals. These websites create a façade of authenticity and attempt to gather confidential information, including names, email addresses, and credit card details.
This trend is part of a series of scams that have been flagged previously, with the FBI’s warning in April 2024 serving as a stark reminder of the ongoing issue. Reports from BleepingComputer indicate a recent resurgence of this mobile phishing campaign, with an increased frequency of messages circumventing common anti-spam filters.
The textual content of these messages conveys urgency, often threatening penalties such as additional fees or license suspension if payment is not made immediately. BleepingComputer shared examples of the fraudulent messages, highlighting the pressures and false claims made to the victims.
Apple’s iMessage is designed to protect users by disabling clickable links in messages from unfamiliar sources. However, scammers have found ways to bypass this feature by instructing users to respond to their texts, thus activating the links. Victims who unknowingly click these links are led to a phishing page that closely resembles the genuine toll payment interface.
The scale of this attack is considerable, with some users reporting up to seven scam messages a day, leading to mounting frustration within communities like Reddit.
While the source of the messages remains unidentified, recent intelligence points to phishing-as-a-service platforms such as Lucid being integral to these operations. These platforms utilize encrypted messaging technologies, allowing for large-scale dispatch of deceitful text messages.
Authorities urge anyone who encounters these messages to block the numbers and report them accordingly while advising against any responses to such scams, which can lead recipients to be targeted again.
In case of genuine payment concerns, users are encouraged to access their toll authority’s official website directly to verify any outstanding balances and should file any complaints via the IC3 portal.