Drivers throughout the U.S. are being bombarded with fraudulent textual content messages claiming to return from toll operators like E-ZPass.
These messages threaten fines for unpaid toll charges and purpose to steal private and monetary info. Safety specialists warn that these scams have gotten extra refined, pushed by new phishing instruments developed and bought in China.
Lately, the Massachusetts Division of Transportation (MassDOT) issued an alert a few smishing marketing campaign concentrating on customers of its EZDriveMA tolling program. Victims who click on the hyperlinks in these texts are requested to offer bank card particulars and, in some circumstances, confirm a one-time password (OTP) despatched through SMS or authentication apps.
This phishing module for spoofing MassDOT’s EZDrive toll system was provided on Jan. 10, 2025 by a China-based SMS phishing service referred to as “Lighthouse.”
Comparable scams have been reported in different states, together with Florida (concentrating on SunPass customers), Texas (North Texas Toll Authority), California, Colorado, Connecticut, Minnesota, and Washington. These phishing assaults typically contain realistic-looking web sites that mimic official toll authority websites however solely perform on cell gadgets, making them much more convincing to unsuspecting customers.
In accordance with Ford Merrill, a safety researcher at SecAlliance, the amount of toll-related phishing assaults surged after the New Yr. This spike coincides with updates to business phishing kits developed by Chinese language cybercriminal teams. These kits now embrace templates designed particularly to impersonate toll operators in a number of states.
Merrill notes that these kits, bought broadly in underground markets, are half of a bigger pattern. Criminals have used comparable techniques to impersonate delivery firms, tax businesses, and immigration providers, typically concentrating on people new to a rustic or in susceptible positions. The final word purpose is to steal cost card particulars, add them to cell wallets, and make fraudulent purchases or launder cash via shell firms.
To guard your self from these scams:
- Confirm the supply: Keep away from clicking hyperlinks in unsolicited textual content messages. As an alternative, go to the official web site of your toll supplier straight
- Allow multi-factor authentication (MFA): Use MFA for on-line accounts so as to add an additional layer of safety
- Monitor your accounts: Frequently evaluation financial institution and bank card statements for unauthorized transactions
- Report scams: Notify your native toll authority and file a report with the Federal Commerce Fee (FTC) should you obtain suspicious messages
As these scams develop extra refined, staying vigilant is crucial. By understanding how these phishing schemes function, you’ll be able to higher shield your self and your private info.
KnowBe4 empowers your workforce to make smarter safety choices on daily basis. Over 70,000 organizations worldwide belief the KnowBe4 platform to strengthen their safety tradition and cut back human danger.
Krebsonsecurity has the story.