SMS scammers use toll fees as a lure

In April 2024, the FBI warned about a new type of smishing scam.

Smishing is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a “small amount” in toll fees.

The scammers send a text claiming that the recipient owes money for unpaid tolls.

We've noticed an outstanding toll amount
Redacted example of toll smishing text

“PA Turnpike Toll Services: We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00 visit [URL to fake site] to settle your balance.”

It looks as if the targets are chosen randomly, but if you’ve been on a recent summer trip or will be visiting your relatives during the holiday season the chances are higher that you will believe this type of text. Nobody is going to fool you into paying (extra) for your daily commute, right?

Because of the relatively low amount, people may decide to settle the payment before the amount rises.

One of the URLs we tracked for this campaign was myturnpiketollservices[.]com which was active from early April until late May. Some others have only been active for a few days.

On the fake website, which is a really convincing copy of the original, visitors are asked to fill out their details like phone numbers, email addresses, full name, address, and their credit card details. Scammers will happily abuse any information that you enter for other malicious activities like identity theft and financial fraud.

Tolls by Mail website mimicked by a scammer
Tollsinfosny[.]com mimicking the legitimate Tollsbymailny.com

These attacks are not just increasing in numbers in the US, smishing scammers are also targeting people in Australia, Canada, and Japan now.

How to avoid falling for a smishing scam

  • Check the phone number that the text message comes from. Some of the scams above were easy to dismiss because they came from telephone numbers outside the US.
  • Look for the actual site that handles the alleged toll fees and compare the domain name. Sometimes there is only a small difference, so inspect it carefully.
  • If you decided to pay, an alarm should go off if you don’t receive confirmation. Official toll agencies will send confirmation after collecting payments. If you don’t receive confirmation, it’s time to investigate and maybe freeze your credit card.
  • Never interact with the scammer in any way. Every reaction provides them with information, even if it’s only that the phone number is in use.
  • If you think the toll fee is feasible because you have indeed travelled in that area, check on the official toll service’s website or call their customer service number.
  • The FBI asks that if you receive a suspicious message, contact the FBI Internet Crime Complaint Center at ic3.gov. Be sure to include the phone number from where the text originated, and the website listed within the text.

Involved domains

myturnpiketollservices[.]com

nytollservices.com

tollsinfosny[.]com

tollsinfonyc[.]com

bayareafastraktollservices[.]com

intollroadacc219[.]com

toll-sunpass[.]com

tollnyezpassweb[.]com

indiana260roadtollac[.]com

inweb-tollroadtrust[.]com

in-tollroadgouv1[.]com

newyorktollroadtrust1[.]com

nyserviceezpass[.]com

intrust-tollroadweb[.]com

sunspass[.]com

sunspasstollsservices[.]com

sunpasstollservices[.]com

tollsbymailsny[.]com

Several of these were hosted at the IP:

45.8.92[.]38


We don’t just report on phone security—we provide it

Cybersecurity risks should never spread beyond a headline. Keep threats off your mobile devices by downloading Malwarebytes for iOS, and Malwarebytes for Android today.

https://blog.malwarebytes.com/feed/

Leave a Reply