welcom to America today with a new article about Did you get a text about unpaid road tolls? It could be a ‘smishing’ scam, FBI says
The FBI has issued an alert warning of a new SMS scam targeting road tolls.
In an alert posted April 12, the FBI said it had received over 2,000 complaints reporting smishing texts representing road toll collection services in at least three states, claiming people owe money for unpaid tolls. According to the FBI, the scam may be moving from state to state.
An example of the scam text people may receive reads as follows: “(State Toll Service Name): We’ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00, visit https://myturnpiketollservices.com to settle your balance.”
The texts contain almost identical language, but the link within the text is changed to impersonate the state’s toll service name, the FBI says. Phone numbers also appear to change between states.
What is smishing?
Smishing is a “a social engineering attack using fake text messages to trick people into downloading malware, sharing sensitive information, or sending money to cybercriminals,” according to the FBI.
The term comes from a combination of the words “SMS” and “phishing.”
The word ‘smishing’ sounds ominous because it is a mix of Short Message Service (SMS) and Phishing. The outcome is a scam that baits consumers into providing personal information to a seemingly trusted source. In this case, people are receiving electronic messages claiming to be from NZTA on the pretext of repaying an outstanding road fine.
The significance of this type of scam is that it’s using the brand of a government entity to add an air of legitimacy and further its own cause. Even if a consumer is wary, the ‘from’ address is fabricated to resemble an official source and most people would consider it unusual to receive a text from an unknown sender.
The smishing message provides a URL to a bogus website that mirrors the look of the genuine NZTA site, where it asks the user to download a PDF. Upon opening the PDF, the user finds his computer infected with malicious software and now faces the threat of stolen personal information, or use of the user’s computing power for illegal means. This is a two-level attack on the person’s privacy and data security and NZTA has advised people who suspect they have received a phishing email to confirm with NZTA that it was genuine. Any irregular contact can be reported to the NZTA contact centre.
What to do if you receive a toll road ‘smishing’ text
If you receive one of these texts, the FBI suggests to do the following:
File a complaint with the FBI’s Internet Crime Complaint Center (IC3), and be sure to include the phone number where the text originated and the website listed in the text.
Do not click the link in the text, and be sure to check your toll account on the legitimate toll service website. You can also contact the toll service’s legitimate customer service phone number.
Delete any smishing texts.
If you did click the link or provide any information, the FBI recommends to take efforts to secure your personal information and financial accounts, and to dispute any unfamiliar charges.
Scams: Unpaid Road Tolls ‘Smishing’ Scam
Modern day technology has seen a number of consumer payment options arise to make our lives increasingly convenient. Commuters in Sydney, Australia have absorbed one such payment option: an electronic method to pay road tolls. However, the increased use of this method in Sydney has led to a recent scam targeting those who have incurred toll debts.
This paper will outline the types of scams targeting toll recipients; in particular, the ‘smishing’ scam. The name ‘smishing’ is a combination of the words ‘SMS’ and ‘phishing’; the method of the scam essentially involves the victim receiving a fake text message (usually smug with malware) while being told that they owe outstanding toll fees, and that they must follow a link in the message to settle the debt.
Malcolm North, NSW Fair Trading Commissioner stated that the scammers are posing as government officials and demanding payments of around $100, a total which is small enough to bypass questioning from the victim. The subtle method of this scam is proving to be highly effective, with North revealing that the scammers have made an estimated $10,000 from 100 victims.
Road tolls as a target
The content that led a colleague to discuss the implications of road toll evasion is clearly reflected in this scam in New South Wales. This road toll evasion system has a system in place for identifying and contacting vehicle owners that have not paid tolls they are required to pay. This involves using the vehicle registration details from the roads and traffic authority to send a letter to the owner, which escalates to a fine of $150 for failure to pay the toll.
This creates a situation where a legitimate road toll defaulter with the potential to pay a $150 fine has to distinguish between paying the toll or a fine that they do not know is the result of a smear campaign to obtain money from them. This is an identical mismatch to the victim of the scam. With the concept of stealth and ambush being an advantageous tactic in warfare, the scammers have created an ideal high yield low-risk situation. Falsified URLs and websites can be easily created and changed at any time.
The ability to move a large amount of money out of the victim using electronic credit card transactions completely avoids confrontation and can be done in the seclusion of their own home. Identity theft is a risk-free method of obtaining further money from a victim at any time in the future without an incurred cost or risk of contacting them.
The objective behind this smishing scam is to get a victim to pay the apparent debt incurred, which is an uncommon approach in scams as victims usually lose money without actually directly paying the scammers. A text message is sent to the victim stating “final notice” of an unpaid road toll followed by a threat of a $150 fine or potential imprisonment.
A URL is given that seems to link to an official government website, with a form that asks for personal details along with credit card details to ‘pay the toll’. This form will most likely have been created to look like the official government website, however, it is hosted on a domain and server owned by the scammers. With these details, the scammers can pursue a further act of identity theft to gain more money from the victim.