You get a ping. It's an official-looking text stating that you have unpaid toll fees with a link to pay for them. But if you were to click the link, you would become the next victim of one of the latest "smishing" scams. Don’t click the link!
Smishing—the term being a mashup of SMS (short message service) and phishing (attacks via email and the internet)—is a social engineering attack in which cybercriminals use fraudulent texts to steal people’s personal information and money. This type of cybercrime has been on the rise recently, with one rampant scam involving criminals targeting drivers with fake toll payment notices.
Here’s how one example of this scam may read, reports the FBI:
(State Toll Service Name): We've noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.
According to ThreatLocker CEO Danny Jenkins, "These scams all start the same way: with a sense of urgency. You get a message saying your tolls are overdue, your license is about to be suspended, or something equally alarming. Then comes the catch: a link to 'fix' the problem by paying the (fake) overdue tolls."
The link takes you to a website mimicking legitimate toll payment portals. These fake sites serve various malicious purposes, says Calum Baird, a digital forensics and incident response consultant.
"Many are set up to harvest financial details using fabricated payment pages, some will attempt to harvest credentials to commit further cybercrime and fraud, and others will encourage the user to download malware or take actions which would compromise their account and device security to enable further cybercrime," Baird says.
Scam tactics are getting more advanced
These scams continue to evolve with sophisticated methods to bypass security measures.
"One tactic recently employed by scammers seeks to bypass security measures on Apple iPhones which, by default, disable links from unknown senders,” says Baird. The scammer will instruct the iPhone user to reply to their message, and then close and reopen their messaging app. This simple step allows victims to click through to the scammer's fake payment website.
"Not all smishing messages are generic," Baird warns. "Some can be targeted, a technique known as ‘spearphishing.’" Data from security breaches can be used to craft personalized messages about you or your vehicle, tricking you into thinking that they are legitimate.
Red flags to look for
Baird advises drivers to be aware of the signs of smishing scams. He says they commonly include generic messaging such as ‘dear customer,’ and often lack specific details. They also tend to have some sense of urgency, such as the toll fee being passed to debt collection or rising fees from delayed payment. These vague details and pressure tactics are designed to trigger immediate action before you have time to verify the message's legitimacy.
How to protect yourself
If you do receive a suspicious text about toll payments, Baird and Jenkins recommend several protective steps.
- Never click on links in unexpected messages. Instead, directly check the official toll authority website by typing the address in your browser.
- Verify through official channels. "The best way to verify whether a text or notification about unpaid tolls is real is to visit the official toll website and check yourself," Jenkins says.
- Understand how legitimate agencies typically communicate. "In most cases—if not all—these agencies send official letters by mail requesting payment," Jenkins continues.
For those using rental vehicles, Baird recommends contacting the rental car company to confirm if the message is genuine since they typically have a record.
- Delete any smishing texts that you received.
- File a complaint with the FBI’s Internet Crime Complaint Center (IC3). Note the phone number where the text came from and the website referenced in the text.
What to do if you've been scammed
If you've already clicked a link or shared information, taking immediate action can help reduce the impact, says Baird. Here are a few things to do:
- Contact your bank immediately, and change any payment methods you provided.
- Consider freezing your credit.
- Reset passwords for any accounts that may be compromised.
- Enable multifactor authentication where available.
- Monitor your accounts for suspicious activity.
A growing problem beyond toll scams
These toll-related schemes are just one variant of an expanding universe of smishing attacks.
"Phishing attacks are evolving every day,” Jenkins says. “One day, it may be a scammer using generative AI to impersonate a family member requesting money to get out of jail. The next day, it's a text to millions of people saying that their tolls are unpaid.”
The best defense remains a healthy skepticism toward unexpected messages demanding urgent action, especially those involving money or personal information—which are smishing red flags. When in doubt, go directly to the source through official channels.