Have you received a text message about an unpaid road toll? Make sure you’re not the next victim of a smishing scam.
06 May 2025
•
,
4 min. read
Driving is a way of life in the US. The country’s sprawling suburbs and nationwide network of highways and toll roads is testament to this. But it also creates a large potential pool of victims for scammers to target, as American drivers have been finding out this year.
One report claims there has been a 604% surge in toll road scam texts since the start of the year, with the week beginning March 2 recording a 98% increase from the previous week. It has prompted the FTC, governor of New York and attorney general of California to issue warnings to the public.
It’s time to get clued up on toll road scams.
What do toll road scams look like?
These are effectively text-based phishing (smishing) attempts. The end goal is to trick you into handing over your personal or financial information, or potentially even to downloading malware to your device. This could include adware which floods the screen with irritating popups, or something more sinister, such as infostealing malware designed to harvest your information and logins.
Because we tend to be on the move when we look at our devices, we may be more distracted, and therefore inclined to click through on that malicious link. Often, our mobile phones are also less well-protected than our desktop computers, enabling scam messages to get through.
Here’s what to look out for in a typical toll road scam:
- An unsolicited text requesting that you pay an outstanding sum from a recent toll road journey
- A generic greeting rather than a personalized intro with your name
- Aggressive language designed to pressure you into paying, potentially threatening fines, suspension of vehicle registration or negative credit reports if you don’t
- A small payment amount, designed to make it more likely that you will pay up without asking questions
- Impersonation of a trusted toll road brand such as E-ZPass, which operates toll roads across 20 states, or even a state authority
- Request for information such as driver’s license number and license plates
- A link in the text message, which could covertly install malware or take you to a website to fill in personal and financial information
- A phishing site also spoofed with the branding of the legitimate toll road operator
Sometimes scams are easy to spot, such as when they are sent out to drivers in states with no toll roads, such as Michigan or Wisconsin.
Here’s some commonly used phrasing in unpaid toll scam texts:
“You have an unpaid toll bill on your account. To avoid late fees, pay within 12 hours or the late fees will be increased and reported to the DMV.”
“E-ZPass: Your unpaid toll must be resolved by [date] to ensure you maintain an active driver’s license status.”
“Your toll payment for E-ZPass Lane must be settled by [date]. To avoid fines and the suspension of your driving privileges, kindly pay by the due date.”
Examples of scam texts [sources: Reddit (1, 2 and 3)]
How to stay safe from toll road scam texts
By understanding the tell-tale signs of a toll road smishing attempt, you’ll be less likely to fall it. But the bad guys are always refining and evolving their scams, so it pays to keep up to date with the latest news. Consider signing up to services from toll road operators or state agencies that send out alerts about new scams.
Here are some other tips to consider:
- Never click on any links in unsolicited texts, or provide personal/financial information.
- Check with the sender if the text is legitimate and you do in fact owe a toll road provider some money. That means reaching out independently rather than responding to any details on the text itself.
- Sign up for an account with your toll road providers. This will help you to manage late payments more easily, and check the veracity of an unsolicited text claiming late payment.
- Download security software to your devices that can scan for malicious links or content, and block covert malware installation attempts.
- Block the number of any scam (smishing) texts you receive.
- Report toll road smishing attempts. This will help keep others safe by helping tech providers and law enforcers better understand new threats.
- Delete any scam texts once read and reported..
What to do if you think you’ve been scammed
In the even the worst happens and you think you may have fallen victim to a toll road smishing text, don’t panic and follow these steps:
- Freeze your bank cards and inform your bank (if you have shared financial details with the scammers)
- Initiative a credit freeze with the three main credit reporting agencies (Experian, TransUnion, Equifax). This will limit the ability of fraudsters to open new lines of credit with your details, without affecting your credit score
- Monitor your bank and credit card accounts for any unusual activity
- Report the incident to the relevant toll road authority
- Report the scam to the FTC. There may not be much they can do, but it will help in the fight to protect others against similar smishing attempts
- Change any passwords you might have shared with the scammers. Ideally you should use unique, strong credentials, stored in a password manager
- Improve account security with multi-factor authentication, which means that even if scammers get hold of account logins, they cannot proceed any further
- Download anti-malware to your device and run a scan. This will check if there’s any malware and remove it
Toll road scams are big business. One report claims that a single China-based cybercrime group registered as many as 60,000 phishing domains to support one campaign. It also warns that cybercriminals are increasingly making use of pre-packaged “smishing kits” which make launching such campaigns even easier. Fortunately, it also makes it easier to spot the scams, as they usually follow the same basic format.
Stay safe – on the roads and on your phone.
