New SMS Phishing Scam Targets U.S. Toll Road Users with Fake Payment Alerts

Share post:

Brian Krebs of the Krebs on Security blog did a big piece leading with how residents across the U.S. are being flooded with fraudulent text messages impersonating toll road operators like E-ZPass and SunPass, warning recipients of supposed unpaid toll fees. Researchers say the surge in SMS phishing scams coincides with new capabilities added to a commercial phishing kit sold in China, allowing cybercriminals to mimic official toll payment websites with alarming accuracy.

The Massachusetts Department of Transportation (MassDOT) recently issued a warning about phishing attacks targeting EZDriveMA, the state’s electronic tolling program. Victims who fall for the scam are asked to enter their payment card details and later provide a one-time password (OTP)—a tactic aimed at bypassing two-factor authentication and linking stolen cards to digital wallets.

Similar phishing attempts have surfaced in Florida, Texas, California, Colorado, Connecticut, Minnesota, and Washington. The attacks appear to follow the release of a new module for “Lighthouse,” a China-based SMS phishing service, which now includes fake websites spoofing multiple U.S. toll operators. Cybercriminals have designed these phishing pages to be accessible only from mobile devices, making them more convincing to unsuspecting users.

Ford Merrill, a security researcher at SecAlliance, confirmed that these phishing kits are sold by multiple China-based cybercriminal groups, each with hundreds or thousands of customers. The scammers’ primary goal is to steal payment credentials and link them to mobile wallets for fraudulent purchases or money laundering. According to Merrill, this latest scam is a continuation of previous package delivery and tax refund phishing attacks, which have evolved as consumers become more aware of older schemes.

The reality is that text based phishing is an epidemic. And part of that expansion in phishing tactics, is that criminals are increasingly using iMessage and RCS (Rich Communication Services) to bypass telecom spam filters. Traditional smishing campaigns relied heavily on SMS, but these new delivery channels allow messages to appear more legitimate, increasing their success rate.

While it remains unclear how targets are selected, MassDOT warns that affected phone numbers appear to be chosen at random and are not linked to actual toll accounts. Some recipients have reported receiving scam messages despite never having used a toll road or even owning a vehicle.

The FBI urges recipients to report phishing attempts to the Internet Crime Complaint Center (IC3) before deleting the messages. I’ll be checking with the Canadian authorities for where to report this, but regardless – we need to get the message out that users should never click on links in unsolicited texts or provide sensitive financial information online.

SUBSCRIBE NOW

Related articles

FBI’s Operation Level Up Ends Cyber Scams and Saves Millions of Dollars and Lives

We should send a love note out to The Federal Bureau of Investigation (FBI) who launched Operation Level...

DOGE’s Teen Hacker Stirs Concern Over Musk Team’s Access to Federal Databases

A 19-year-old named Edward “Big Balls” Coristine has raised red flags after Wired revealed he holds a key...

Deep Seek and Open Source AI – Without the Hype: Discussion with Robert Falzon, Head of Engineering, Check Point

DeepSeek AI is shaking up the cybersecurity world—are we prepared for the risks? Join host Jim Love and...

Researchers Jailbreak DeepSeek AI, Expose System Prompt and Raise Security Concerns

Security researchers at Wallarm have successfully jailbroken DeepSeek, a recently released open-source AI model from China. The jailbreak...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways