Drivers throughout the U.S. are being bombarded with fraudulent textual content messages claiming to come back from toll operators like E-ZPass.
These messages threaten fines for unpaid toll charges and purpose to steal private and monetary data. Safety specialists warn that these scams have gotten extra refined, pushed by new phishing instruments developed and bought in China.
Not too long ago, the Massachusetts Division of Transportation (MassDOT) issued an alert a few smishing marketing campaign concentrating on customers of its EZDriveMA tolling program. Victims who click on the hyperlinks in these texts are requested to supply bank card particulars and, in some instances, confirm a one-time password (OTP) despatched by way of SMS or authentication apps.
This phishing module for spoofing MassDOT’s EZDrive toll system was supplied on Jan. 10, 2025 by a China-based SMS phishing service known as “Lighthouse.”
Related scams have been reported in different states, together with Florida (concentrating on SunPass customers), Texas (North Texas Toll Authority), California, Colorado, Connecticut, Minnesota, and Washington. These phishing assaults typically contain realistic-looking web sites that mimic official toll authority websites however solely perform on cell units, making them much more convincing to unsuspecting customers.
In line with Ford Merrill, a safety researcher at SecAlliance, the quantity of toll-related phishing assaults surged after the New Yr. This spike coincides with updates to industrial phishing kits developed by Chinese language cybercriminal teams. These kits now embrace templates designed particularly to impersonate toll operators in a number of states.
Merrill notes that these kits, bought extensively in underground markets, are half of a bigger pattern. Criminals have used comparable ways to impersonate delivery firms, tax companies, and immigration providers, typically concentrating on people new to a rustic or in susceptible positions. The final word objective is to steal fee card particulars, add them to cell wallets, and make fraudulent purchases or launder cash via shell firms.
To guard your self from these scams:
- Confirm the supply: Keep away from clicking hyperlinks in unsolicited textual content messages. As an alternative, go to the official web site of your toll supplier straight
- Allow multi-factor authentication (MFA): Use MFA for on-line accounts so as to add an additional layer of safety
- Monitor your accounts: Usually overview financial institution and bank card statements for unauthorized transactions
- Report scams: Notify your native toll authority and file a report with the Federal Commerce Fee (FTC) if you happen to obtain suspicious messages
As these scams develop extra refined, staying vigilant is crucial. By understanding how these phishing schemes function, you’ll be able to higher shield your self and your private data.
KnowBe4 empowers your workforce to make smarter safety selections daily. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and scale back human threat.
Krebsonsecurity has the story.
