In an increasingly digital world, scams are becoming more sophisticated and harder to identify. From Postal Service smishing attacks to IT helpdesk vishing attacks, it has become nearly impossible to keep track of what is real and what is falsified. As the year gets under way, threat actors have shifted slightly to target toll lane users through deceptive text messages. By tricking recipients into believing that they owe money for unpaid tolls, these smishing messages are designed to steal not only personal information but financial information as well, increasing the risk to the vulnerable. With the continued breach of AT&T and the large-scale breach of all the major telecom companies, cell phone numbers and the names attached to them are readily available for exploitation.
The Scam Unveiled
Scammers are sending fraudulent messages, including from deceptively named email addresses, that mimic legitimate toll payment notifications. These texts, often including specific dollar amounts and threats of late fees or legal action, have been increasingly spread to cell phone users from New York to Washington state and all the way down the coast to Florida. You will see several different examples proving just how technical this attack has gotten. With various toll payment vendor impersonations and slight grammar changes, this fraud is more carefully thought out than others. Embedded in these messages are links that direct the recipient to websites designed to steal sensitive information.
At first glance, a recipient may be inclined to read the message in full and open the attached link. The first of the many images we will break down in this post targets Florida users. Broken down into three different sections, this text message is organized in a more sophisticated manner than others. While SunPass is a real toll vendor, the site attached, sunpass(.)com-3idw.sbs/us, is not a real SunPass site but one created with a similar-looking name, called a permutation. Proving the scam even further, a quick Google search shows that SunPass will never send a text message to anyone who uses its services and will instead send an email from customerservice@sunpass.com or noreply@sunpass.com. If you receive a text message like the one shown on the left, SunPass has released a statement urging you to call their customer service at 1-888-TOLL-FLA (1-888-865-5352).
The next smishing message to break down targets EZDrive users in Massachusetts. The format of this message is similar to the previous one targeting Florida users; however, it comes from an email address and not a phone number. A simple look at the sender address makes it clear to the receiver that salvadoraymm@logility(.)appleaccount.com is not someone who works for EZDriveMA. Further analysis of EZDrive shows, once again, that they will never send their users a text message requesting payment with a link embedded. If you are in receipt of one of these messages, call the EZDriveMA customer support desk at (877) 627-7745 or email them at customer.service@ezdrivema.com.
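The two checks described above (the SunPass link and the EZDriveMA sender) can be automated. The following Python is an added example, not code from the original post; the function names are hypothetical, the official domains are taken from the contact addresses quoted above, and it assumes the registrable domain is the last two labels of the host.

```python
import re
from urllib.parse import urlsplit

# Official domains, taken from the contact addresses quoted in the post.
OFFICIAL = {"sunpass.com", "ezdrivema.com"}

def refang(text):
    """Undo the (.) / [.] defanging used when indicators are quoted."""
    return re.sub(r"[\(\[]\.[\)\]]", ".", text)

def host_of(value):
    """Return the host of a link, or the domain of a sender address."""
    value = refang(value.strip())
    if "@" in value and "/" not in value:      # sender e-mail address
        return value.rsplit("@", 1)[1].lower()
    if "://" not in value:                     # bare link without scheme
        value = "//" + value
    return (urlsplit(value).hostname or "").lower()

def registrable(host):
    """Assumption: the last two labels are the registrable domain. This
    holds for .com and .sbs; suffixes such as .co.uk need a public
    suffix list instead."""
    return ".".join(host.rstrip(".").split(".")[-2:])

def check(value, brand_domain):
    """Classify a link or sender against the brand the message claims.

    Returns (verdict, registrable_domain) where verdict is one of
    'official', 'lookalike' (brand name present, wrong owner) or
    'unofficial' (no relation to the brand's domain at all)."""
    if brand_domain not in OFFICIAL:
        raise ValueError("unknown brand domain: " + brand_domain)
    host = host_of(value)
    reg = registrable(host)
    if reg == brand_domain:
        return ("official", reg)
    brand_label = brand_domain.split(".")[0]   # e.g. 'sunpass'
    if brand_label in host:
        return ("lookalike", reg)
    return ("unofficial", reg)

if __name__ == "__main__":
    # Indicators quoted in the post, still defanged.
    print(check("sunpass(.)com-3idw.sbs/us", "sunpass.com"))
    print(check("salvadoraymm@logility(.)appleaccount.com", "ezdrivema.com"))
    print(check("customerservice@sunpass.com", "sunpass.com"))
```

The SunPass link is flagged because the domain that actually owns the host is `com-3idw.sbs`; the `sunpass.com` text in front of it is only part of a label chosen by whoever registered that domain.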
How Scammers Operate
Scammers employ several tactics to make their messages appear official and urgent:
- Mimicking Tolling Authorities: The scammers use the official agency’s name in the link and design their messages to look like legitimate notifications.
- Creating Urgency: By threatening late fees or legal action, the scammers induce a sense of urgency, prompting recipients to click the links and enter personal information.
- Disabling iMessage Protection: Recently, scammers have been exploiting a trick to turn off Apple iMessage’s built-in phishing protection. By default, iMessage disables links in messages from unknown senders. However, if the recipient replies to the message or adds the sender to their contact list, the links become active. Scammers ask users to reply with “Y” to enable the link, bypassing the protection.
Why This Scam Is Effective
The widespread nature of this scam and its specific targeting of toll users highlight its effectiveness. The scam uses the trust people have in official notifications and the urgency created by threats of penalties to extract sensitive information.
Additional Examples
Protecting Yourself
While many other scams of this nature target other toll vendors, they all call for the same remediation efforts from the recipient. Here are some tips to safeguard yourself from the toll lane fee text scam:
- Verify Claims: Always contact the tolling agency directly using a trusted contact method, not the one provided in the message.
- Avoid Clicking Suspicious Links: Ensure the authenticity of any request before clicking on links or entering personal information.
- Stay Skeptical: If a message seems unexpected or too urgent, it’s likely a scam.
- Don’t Respond to Suspicious Messages: If you receive a message from an unknown sender asking you to reply to enable links, do not respond. Instead, contact the company or organization directly to verify the text.
Conclusion
Scams like the toll lane fee text scam highlight the importance of vigilance and caution in the digital age. By staying informed, following the steps outlined above, and staying tuned to the Defend Edge podcast (Defending the Edge), you can protect yourself from falling victim to these deceptive tactics.