An ongoing phishing marketing campaign impersonating E-ZPass and different toll companies has surged not too long ago, with recipients receiving a number of iMessage and SMS texts to steal private and bank card data.
The messages embed hyperlinks that, if clicked, take the sufferer to a phishing website impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or one other toll authority that makes an attempt to steal their private data together with names, electronic mail addresses, bodily addresses, and bank card data.
This rip-off will not be new, with the FBI warning about it in April 2024, however BleepingComputer has seen and acquired a number of reviews of a surge on this cell phishing marketing campaign.
The textual content messages bypass anti-spam measures and are available from seemingly random electronic mail addresses, which, mixed with the size of the assault, point out an automatic assault.
Rip-off texts seen by BleepingComputer faux to be instantly from E-ZPass or the Division of Motor Autos. The texts use language that accommodates a way of urgency, just like the toll must be paid in a day or two, or there will likely be an extra payment, or licenses will likely be suspended.
“Your toll fee for E-ZPass Lane have to be settled by April 4, 2025. To keep away from fines and the suspension of your driving privileges, kindly pay by the due date,” reads an instance rip-off textual content seen by BleepingComputer.
Supply: BleepingComputer
Apple iMessage routinely turns off hyperlinks in messages from unknown senders to guard customers from SMS phishing scams. To bypass this, the scammers inform customers to answer to the textual content, which can make the hyperlinks clickable.
Tapping on the supplied hyperlink takes the sufferer to an E-ZPass phishing website, which, apart from the URL, seems to be like a respectable website. BleepingComputer exams decided that the phishing web site solely hundreds on the cell, so desktop customers won’t see it.
Supply: BleepingComputer
The amount of texts being despatched on this rip-off is so massive that customers have been expressing their frustration over the frequency and persistence of the actual rip-off makes an attempt, generally reaching as much as 7 messages in a day.
Though the origin of the messages hasn’t been decided but, we not too long ago reported on an rising phishing-as-a-service platform named Lucid, which has been linked to these kind of scams.
Platforms like Lucid and Darcula use encrypted iMessage and RCS messages to bypass conventional anti-spam filters and ship massive volumes of textual content with out incurring the prices related to commonplace SMS supply.
For those who obtain one in every of these messages, it’s best to block and report the quantity in order that the e-mail deal with or cellphone quantity is reported to Apple. Nonetheless, as a basic rule, it’s best to keep away from responding to those scams as they put you on the radar of the scammers for future makes an attempt.
For these involved that they’ve respectable excellent funds, it’s best to as a substitute log in to your toll authority’s website on to verify for any balances.
The FBI has beforehand suggested recipients to file a criticism on the IC3 portal.
Primarily based on an evaluation of 14M malicious actions, uncover the highest 10 MITRE ATT&CK strategies behind 93% of assaults and learn how to defend towards them.
