FBI Warns: Fake Toll Payment Texts Target Drivers Nationwide

A massive wave of phishing scams targeting smartphone users has prompted warnings from federal agencies and local governments nationwide. Cybercriminals are sending fraudulent text messages about unpaid toll and parking fees, using sophisticated techniques to steal personal and financial information.

How These Scams Work

The texts follow a consistent pattern: claiming you have an unpaid toll or parking fee that requires immediate payment to avoid penalties. According to Palo Alto Networks’ Unit 42, scammers have registered “over 10,000 domains” to fuel these attacks, with the campaign moving “from state to state” across America.

The FBI warns citizens to “delete any smishing texts received.” These texts typically contain links to fake payment sites designed to harvest personal data and credit card information.

“Not only is the scammer trying to steal your money, but if you click the link, they could get your personal info and even steal your identity,” the FTC cautions.

Technical Details

The toll scam appears to be franchised to local operators but leverages a toolkit built by Chinese cybercrime groups. Many domain names use the Chinese .XIN TLD, with deceptive URLs such as:

ezdrive.com-2h98[.]xin
e-zpassny.com-ticketd[.]xin
sunpass.com-ticketap[.]xin

To bypass security measures on iPhones, which disable links in texts from unknown senders, scammers use open redirects through trusted domains like Google.com.

One telltale sign of foreign origin: dollar signs appear after the amount (35$) rather than before, as is customary in the US.

Most Targeted Cities

McAfee reports “fake toll road scams have nearly quadrupled at the end of February compared to where they were in January,” with these cities facing the highest attack volumes:

Dallas, Texas
Atlanta, Georgia
Los Angeles, California
Chicago, Illinois
Orlando, Florida

Other significantly affected cities include Miami, San Antonio, Las Vegas, Houston, Denver, San Diego, Phoenix, Seattle, Indianapolis, and Boardman, Ohio, according to McAfee’s report.

Dangerous New Tactics

A particularly concerning technique reported by Detroit’s 7 News involves fake payment rejection messages. When victims attempt to pay with a debit card, they receive a pop-up indicating the card was denied. “That’s the trick! The scammers want you to keep trying different cards, so they have those numbers to use themselves.”

Protection Advice

The FBI and FTC recommend:

Never click links in unexpected texts
Verify legitimacy by contacting toll services directly through official websites
Report suspicious texts by forwarding to 7726 (SPAM)
Delete suspicious messages immediately
If you provided information, secure your accounts and dispute unfamiliar charges

Cybersecurity firm Zimperium notes criminals are increasingly adopting a “mobile-first attack strategy” because users are more vulnerable on small-screen devices.

Consumer Impact

The scope of this scam is evident from local reports. When Detroit’s WXYZ news station asked Facebook users about receiving these texts, they “got more than 4,300 comments from people across Michigan and others out of state.”

Even Louisiana Attorney General Liz Murrill reported being targeted: “I received this text as well. It is a scam. If you ever receive a text that looks suspicious, be sure to never click on it. You don’t want your private information stolen by scammers.”

FAQ About Toll and Parking Text Scams

How can I tell if a toll or parking fee text is a scam?

Look for these warning signs: unknown sender numbers, urgent language demanding immediate payment, links to suspicious websites (especially with hyphens or misspellings), and improper formatting like dollar signs after amounts (35$ instead of $35). When in doubt, contact your local toll or parking authority directly using their official website or phone number.

What information are these scammers trying to steal?

These scammers aim to collect your personal information (name, address, phone number, email) and financial data (credit card numbers, security codes, expiration dates). This information can be used for identity theft, financial fraud, and can be sold to other cybercriminals.

What should I do if I already clicked a link in one of these texts?

If you’ve already clicked a link or provided information, immediately secure your accounts by changing passwords, place a freeze on your credit cards, monitor your accounts for unauthorized charges, and report the incident to your financial institutions. You should also file a complaint with the FBI’s Internet Crime Complaint Center at www.ic3.gov.

Why are these scams so widespread right now?

According to cybersecurity experts, these scams have proliferated because they’re effective on mobile devices where users are more likely to click without scrutinizing links. The scammers have also developed sophisticated techniques using open redirects through trusted domains like Google.com to bypass security measures on smartphones.

How do I report these scam texts?

Use your phone’s “report junk” option to report unwanted texts to your messaging app or forward them to 7726 (SPAM). You can also file a complaint with the FBI’s Internet Crime Complaint Center (IC3) at www.ic3.gov, including the phone number the text came from and any website listed in the message.

Can I stop these texts from coming to my phone?

While it’s difficult to completely prevent these texts, you can reduce them by never responding to suspicious messages, keeping your phone number private when possible, and using spam filtering apps. Both Apple and Android devices have built-in spam detection features that you should enable in your settings.