Last week, the Federal Trade Commission issued a warning about text messages sent to people about tolls they supposedly owed. Some of the texts showed a dollar amount and included a link that takes you to a page to enter your bank or credit card information, all data that can be stolen and used by hackers.
Cybersecurity site KrebsOnSecurity reports the surge in SMS span coincides with new features added to a popular commercial kit sold in China that teaches people how to set up spoofing scams. According to the FBI, spoofing is when someone disguises an email address, sender name, phone number or website URL to convince the target they are interacting with a trusted source. Sometimes the change on the email or website can be very small — perhaps one letter, symbol or number.
“What we’re seeing with these tolls scams is just a continuation of the Chinese smishing groups rotating from package redelivery schemes to toll road scams,” Ford Merrill, security researcher at SecAlliance, a CSIS Security Group company,” told KrebsOnSecurity. “Every one of us by now is sick and tired of receiving these package smishing attacks, so now it’s a new twist on an existing scam.”
The scam has been widely reported across the country, with fake texts seemingly coming from the Massachusetts Department of Transportation, operator of EZDriveMA, the North Texas Toll Authority and Florida’s prepaid toll program Sunpass, among others.
The phishing attack coincides with the release of the new kit telling people how to mimic toll operator websites as they appear on mobile devices. The goal of the scam is to extract enough information from the victim to get their credit or debit card numbers or any other personally identifiable information.
What should you do if you receive a toll text? Here’s what FTC recommends:
- Don’t click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it’s best to stop and check it out.
- Check to see if the text is legit. Reach out to the state’s tolling agency using a phone number or website you know is real and don’t use the contact info on the text. If you haven’t traveled and know you didn’t go through a toll, you can almost bet the text is a scam.
- Report and delete unwanted text messages. Use your phone’s “report junk” option to report unwanted texts to your messaging app or forward them to 7726 (SPAM).
