Unpaid toll SMS scam
The FBI warns of a toll text scam, likely from Chinese cybercriminals. Victims are urged to check accounts directly and avoid clicking links. Pexels

The FBI has issued a warning urging Americans to disregard suspicious text messages about unpaid toll bills amid concerns that Chinese cybercriminals may be behind them.

In an alert issued last April, the FBI advised recipients to delete any text messages claiming they owe toll fees. The agency clarified that these messages are a form of phishing known as 'smishing', as they are sent via text rather than email.

Toll Text Scam Alert Issued By FBI

The FBI noted over 2,000 reports of these deceptive messages at that time, suggesting that 'the scam may be moving from state to state.' On 17th January, the Federal Trade Commission (FTC) reiterated the warning, explaining that the scammers sending these texts aim to trick recipients into clicking the included link, enabling them to steal both money and personal data.

'Don't click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it's best to stop and check it out,' the FTC advised. According to Forbes, reports of these texts surfaced last month in numerous locations, including Massachusetts, California, North and South Carolina, Illinois, Colorado, and Florida, among others.

Staying Vigilant Against Toll Text Scams

Even local governments are taking action, warning their residents about these fraudulent unpaid toll messages. For example, the city of Great Falls, Montana, with a population of 60,000, alerted its citizens to these deceptive texts last Thursday.

'A few local people have recently received a text referring to their vehicle having an "outstanding toll bill." This is a SCAM and is not coming from the City of Great Falls. Please do not click the link in the message,' the city wrote in an X post.

'You would have been notified via a letter in the mail if you did not pay a city parking ticket within 30 days,' the official X account of Montana added. Last week, the Massachusetts Department of Transportation informed residents that EZDriveMA, the state's toll collection system, 'will never request payment by text.'

'All links associated with EZDriveMA will include www.EZDriveMA.com,' the toll authority said. This week, the Oklahoma Turnpike Authority (OTA) issued similar warnings, urging the public to avoid becoming victims of these text scams.

'Usually, you get some signs just by reading the message. If it doesn't have the correct names or the correct URL, that's a dead giveaway and you should go ahead and report that as junk or as spam on your phone, and definitely do not click any links on it,' said Lisa Shearer-Salim, the communications manager for the OTA.

Social Media Users Share Smishing Encounters

Many social media users have shared their experiences with these messages, posting screenshots of the sometimes oddly phrased texts they've received. One individual expressed surprise at the scammers' use of handshake emojis within their demands to pay supposed outstanding tolls.

Many others instantly recognised the messages as scams due to the absence of toll roads in their area. According to the rental car company Hertz, eighteen states, including Arizona, Idaho, Montana, Wisconsin, and Tennessee, lack toll roads entirely.

'This is a hilarious scam text because there are literally no toll roads anywhere near where I live,' one person wrote on X. Another person said: 'I just got this from text via a fake email. I'm laughing cuz I don't drive.'

The FBI recommends that if you're worried about potentially missing a toll payment, you should independently check your toll service account rather than clicking any links in the text message.

Experts Point Finger At China

'Check your account using the toll service's legitimate website [or] contact the toll service's customer service phone number,' the FBI said. While the source of these texts remains somewhat unclear, one expert suspects they originate in China.

Cyber security expert Chris Krebs, who served in a newly-created role in the first Trump administration, hinted at the possibility in a blog post. He referenced the research of Ford Merrill, who works at SecAlliance, a company specialising in cybersecurity for banks, government agencies, international organisations, and infrastructure operators.

'Merrill said the volume of SMS phishing attacks spoofing toll road operators skyrocketed after the New Year when at least one Chinese cybercriminal group known for selling sophisticated SMS phishing kits began offering new phishing pages designed to spoof toll operators in various US states,' Krebs wrote.

'According to Merrill, multiple China-based cybercriminals are selling distinct SMS-based phishing kits that each have hundreds or thousands of customers.'

'These phishing kits aim to collect sufficient information from victims to enable the addition of their payment cards to mobile wallets. Hackers can then use these compromised cards to buy goods at physical stores, online, or to launder money through shell companies.'

Writer's pick
FBI