FBI: Smishing Campaign Lures Victims With Unpaid-Toll Notices

The scam is spreading across the US and impersonates the specific toll-collection services of each state in malicious SMS messages.

The FBI is warning people about widespread
SMS phishing (smishing)
campaign spreading state to state thats luring people with messages informing them that they have unpaid tolls to resolve. The scam is aimed at stealing their credentials and defrauding them.
There also is evidence that that the campaign — which has been reported by people in three states so far, according to a
public service announcement
by the FBI Internet Crime Complaint Center (IC3)—affected other parts of the world before it reached US shores.
The campaign, active in the US since at least early March and reported by more than 2,000 people, sends users a text message that appears to come from the road-toll collection service of their specific states, claiming they owe money for unpaid highway tolls.
Weve noticed an outstanding toll amount of $12.51 on your record, the text of one such message reads. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.
While
smishing scams
are by no means new, they continue to be used by attackers because they still have the potential to fool users into giving up the valuable credentials that allow for cybercriminals to profit. The FBIs warning alone is a sign that the unpaid-toll campaign is likely to escalate, and is worrying enough to warrant vigilance from potential victims.
The texts contain almost identical language and use similar amounts for so-called outstanding tolls. What changes from state to state is that the malicious link provided within the text is created to impersonate the states toll service name, and phone numbers appear to change between states, according to the IC3.
The link takes users to what looks very much like the toll services legitimate websites, asking them to enter information on the pretense of paying the toll. Instead the attackers collect the victims payment credentials and other sensitive data that potentially could be shared with other cybercriminals and/or used in future social engineering attacks.
The FBI didnt specify which states are currently being affected by the wave of toll-related attacks, but a quick perusal of social-media platform X, formerly Twitter, found evidence that
the scam
has at least affected users in Pennsylvania.
The Pennsylvania Turnpike (
@PA_Turnpike
), the toll road, and related services that spans the state, posted a warning on social platform X to let users know about the campaign, and encouraged them to report any scam messages to the IC3.
Some customers have received phishing-attempt text messages claiming to be from the PA Turnpike’s toll services, according to
the post
. If you receive such a text, providing you with a link to pay an outstanding toll, do not click on the link, and delete the text.
The scam may be related to a similar one that previously swept across Australia, as people in states in both the eastern and western parts of the country in 2022 and 2023, respectively, also reported on X that they received driving toll-related smishing messages.
Back in August 2022, X user
Anthony Campisini posted
about a toll scam associated with City Link, a toll freeway service in the southeastern Aussie city of Melbourne, that also tried to lure users in the region with a message about unpaid tolls. Less than a year later, another X user in the state of Western Australia (WA) observed in March 2023 that he had been receiving a lot of scam SMS messages informing him that he owes money on road tolls.
How do I know they are scams? the user,
@EMacskasy
, who goes by the X name of Evan Stop the Killing,
posted
. Over here in WA = we do not have tolls on our roads.
EMacskasys observation is a good example of how people being targeted by the scam can avoid being compromised by it — by taking a moment to rationalize if its even possible that they owe money on tolls before having a knee-jerk reaction and immediately engaging with the message.
The IC3 is advising people to file a complaint with the IC3 on
the agencys website
if they receive one of the messages and include the following information: the phone number from where the text originated and the website listed within the text.
People also should check any toll-service account that they have by going separately and directly to the services legitimate website, to ensure that their accounts are in order, and/or contact the legitimate services customer service phone number to check the account and let them know of the scam. As previously mentioned, people also should delete the texts.
In case someone has already engaged with the link or given information, they should make an effort to secure their personal information and financial accounts, and dispute any unfamiliar charges that may show evidence of cybercriminal activity.

Last News
▸ ArcSight prepares for future at user conference post HP acquisition. ◂ Discovered: 07/01/2025 Category: security	▸ Samsung Epic 4G: First To Use Media Hub ◂ Discovered: 07/01/2025 Category: security	▸ Many third-party software fails security tests ◂ Discovered: 07/01/2025 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
FBI: Smishing Campaign Lures Victims With Unpaid-Toll Notices