New Wave of Toll Phishing Scams Targeting Mobile Users Across US

As we step into 2025, a worrying trend emerges in the cybercrime landscape, targeting mobile users across the United States. A surge in SMS phishing attacks, known as “smishing,” has been observed, with criminals spoofing toll road operators to trick unsuspecting victims into handing over sensitive information and payment details.

The Rise of Toll Phishing

In a recent development reported by Krebs on Security, residents are being inundated with text messages that appear to come from legitimate toll road services. These messages warn recipients about unpaid fines and delinquent toll fees, urging them to take immediate action.

One such example is the alert issued by the Massachusetts Department of Transportation (MassDOT) in early January 2025. They warned residents about a new SMS phishing scam targeting users of EZDriveMA, their all-electronic tolling system. The warning was followed by similar reports from other states like Florida and Texas.

How It Works

These scams typically work by sending messages that mimic official communications from toll road operators such as E-ZPass or Sunpass. Criminals often exploit the urgency and legitimacy of these messages to dupe users into providing payment card data, one-time passwords (OTPs), or other sensitive information.

Ford Merrill, a security researcher at SecAlliance, notes that these phishing attacks have surged after the New Year. The emergence coincides with new capabilities in phishing kits sold by Chinese cybercriminal groups, which now closely mimic toll operator websites as they appear on mobile devices.

• Users are often directed to phishing pages that only load when detected from a mobile device.
• Criminals may use iMessage and RCS technologies for delivery, exploiting loopholes in telecom operators’ filtering systems.

Impact of Toll Phishing Scams

The impact of these toll phishing scams is significant. Not only do they result in financial losses for victims but also expose individuals to further risks such as identity theft and credit card fraud.

“Every one of us by now is sick and tired of receiving package smishing attacks, so now it’s a new twist on an existing scam,” notes Merrill, highlighting the evolution in tactics employed by cybercriminals.

• In October 2025, KrebsOnSecurity reported a massive uptick in SMS phishing scams targeting US Postal Service customers.
• Criminals have traditionally impersonated shipping companies, customs authorities and even governments with tax refund lures.

Targeting Toll Road Operators

The latest trend focuses on toll road operators across various states. The attacks are not limited to one geographical area but seem to be targeting multiple US state-run toll facilities.

Incidents have been reported in Florida, Texas, California, Colorado, Connecticut, Minnesota, and Washington. This indicates that the threat is widespread and could potentially impact users nationwide.

• MassDOT issued a warning about SMS phishing attacks spoofing EZDriveMA.
• Sunpass customers in Florida reported receiving fraudulent messages.

Tactics Employed by Scammers

Scammers employ sophisticated tactics to make their scams appear legitimate. They often use new modules from popular phishing kits, such as this one offered by “Lighthouse”, which closely mimic toll operator websites.

These phishing pages are highly dynamic and are operated in real-time by criminals. They can capture any data entered by victims, even if the victim decides not to submit the form.

• Once scammers obtain payment card details, they often add them to mobile wallets.
• The compromised cards can then be used to make purchases at physical stores or online platforms.

Data Source Uncertainty

The sources of targeted phone numbers remain unclear. According to MassDOT’s notice, the targeted phone numbers appear to be chosen randomly and are not uniquely associated with an account or toll road usage.

It’s important for individuals to be vigilant as these scammers could use various data collection methods from previous breaches or purchased lists.

• Criminals may utilise breached databases, social engineering tactics or even purchase contact information from dark web marketplaces.

Preventive Measures and Awareness

To combat these toll phishing scams, users must remain vigilant and take proactive steps to protect themselves.

• Avoid clicking on links within suspicious messages and do not visit the website mentioned in the text message.
• If you receive one of these messages, delete it immediately or report it to authorities via the FBI’s Internet Crime Complaint Center (IC3).

Security experts recommend that users familiarise themselves with legitimate communications from toll road operators. Toll providers rarely communicate by SMS and often provide multiple contact methods for queries.

Stay Informed, Stay Safe

With these new phishing trends in place, it’s crucial to stay informed about the latest security threats. By staying vigilant and taking necessary precautions, users can protect themselves from falling victim to toll road scams.

• Educate yourself on common tactics used by scammers.
• Report suspicious activity promptly to relevant authorities.

Conclusion (Not Written)

In summary, the rise of toll phishing scams targeting mobile users underscores the need for increased awareness and vigilance. By understanding the tactics employed by cybercriminals and taking appropriate precautions, individuals can safeguard their personal information from falling into the wrong hands.

Remember, staying informed is your best defence against these ever-evolving threats in the digital age.

Sources:

• Krebs on Security: Chinese Innovations Spawn Wave of Toll Phishing Via SMS
• SlashNext: State of Phishing Report 2025 Q3

Stay safe out there!