A surge in phishing attacks targeting E-ZPass and other toll agencies is underway. Victims receive numerous iMessages and SMS texts designed to steal personal and financial information. These messages contain links leading to fake websites mimicking legitimate toll authorities.
How the Scam Works
The scam texts bypass spam filters, originating from seemingly random email addresses, suggesting automation. The messages create a sense of urgency, threatening fines or license suspension if tolls aren’t paid immediately.
One example reads: “Your toll payment for E-ZPass Lane must be settled by April 4, 2025. To avoid fines and the suspension of your driving privileges, kindly pay by the due date.”
To circumvent Apple iMessage’s automatic link disabling for unknown senders, scammers instruct recipients to reply, enabling the malicious links. These links redirect users to mobile-only phishing sites that closely resemble legitimate toll agency websites. These sites aim to collect names, email addresses, physical addresses, and credit card details.
The sheer volume of texts—up to seven per day for some users—highlights the scale of the campaign. The FBI warned about this scam in April 2024, but this recent surge demonstrates its continued effectiveness.
The Technology Behind the Attack
The attackers leverage platforms like Lucid and Darcula, which utilize encrypted iMessage and RCS messages. This method allows them to bypass traditional anti-spam filters and send mass texts affordably.
Protecting Your Business
If your organization receives these messages, immediately block and report the numbers to Apple. Avoid responding to the texts, as this may flag you for future attacks. Verify outstanding toll payments directly through the official toll agency website. The FBI recommends filing a complaint through the IC3 portal.
