E-ZPass Toll Payment Texts Return in Massive Phishing Wave

Scammers are targeting consumers by impersonating well-known toll and transit services. In a renewed phishing campaign, scammers impersonate E-ZPass and other toll agencies to send fraudulent SMS texts aimed at stealing personal and credit card information. This scam, which the FBI warned about back in April 2024, has now experienced a significant resurgence, with many victims reporting up to seven scam texts in a single day.

What Is the Scam?

In this campaign, unsuspecting users receive text messages that appear to be sent from E-ZPass or similar toll authorities. These messages employ urgent language to create a sense of panic. For example, a typical scam text might read:

"Your toll payment for E-ZPass Lane must be settled by April 4, 2025. To avoid fines and the suspension of your driving privileges, kindly pay by the due date."

The texts include links that, when clicked, redirect the victim to a phishing website designed to look like a legitimate toll authority site. The site attempts to harvest sensitive information such as names, email addresses, physical addresses, and credit card details. In one twist, because Apple iMessage disables links from unknown senders, the scammers instruct victims to reply to the message to make the links clickable.

How Does This Type of Phishing Work?

This scam is a classic example of SMS phishing (or “smishing”). Unlike email-based phishing, smishing takes advantage of the trust users place in text messages—especially when they appear to come from reputable institutions like toll agencies. The attackers use various tactics to bypass anti-spam measures, including sending messages from seemingly random email addresses and leveraging automated phishing-as-a-service platforms like Lucid and Darcula. These platforms utilize encrypted iMessage and RCS messaging to spread the scam at scale, often under the guise of legitimate traffic, making detection more difficult.

Once the victim clicks on the link (or replies to enable clickable links), they are redirected to a mobile-optimized phishing page. For desktop users, the phishing site might not even load, which suggests that the attackers are specifically targeting mobile devices—a common tactic in smishing campaigns.

What to Do If You Encounter This Scam

If you receive a text message that appears to come from E-ZPass or another toll authority asking for urgent payment, take the following precautions:

• Do Not Click the Link: Avoid clicking on any links in the text, especially if the message asks you to reply in order to make the link clickable.
• Verify Through Official Channels: Instead of using the link provided, manually visit your toll agency's official website or use a known official app to check for any outstanding payments.
• Block and Report: Block the sender and report the number through your mobile carrier or directly to Apple, if you are using iMessage. This helps authorities track and mitigate the spread of the scam.
• Stay Wary of Urgency: Be skeptical of any text messages urging immediate action, threatening fines, or stating that your driving privileges or services will be suspended if you don’t co mply.
• Educate Yourself and Your Team: Regularly update yourself on common phishing tactics and share this knowledge with colleagues and family members to reduce the risk of falling victim to similar scams.
  

Final Thoughts

The persistent nature of these phishing campaigns underlines the need for vigilance and proactive security measures. Cybercriminals continually adapt their tactics, and even familiar services and trusted brands like E-ZPass are not immune from exploitation.

Stay safe and remember: when in doubt, always verify through trusted sources rather than clicking directly on links in unsolicited texts.