Photo credit: www.cnbc.com

Toll Lane Scam Texts Target Drivers Nationwide

Eric Moyer received alarming text messages starting in February, warning him that failing to pay his FastTrak lane tolls by February 21 could result in fines and possible license suspension.

Initially skeptical, Moyer, a resident of Virginia Beach, opted to ignore the threats after confirming with his E-ZPass account that he had not used a toll road in recent months. His wife’s phone also buzzed with identical warnings.

Despite the red flags, many individuals do not share Moyer’s caution and lack the means to verify the authenticity of such messages. Consequently, some fall victim and make payments, thus fueling the persistence of these fraudulent schemes.

Recent data from cybersecurity firm Trend Micro indicates an alarming 900% surge in interest regarding “toll road scams” over the past three months. Jon Clay, vice president of threat intelligence at the firm, remarked that these tactics seem to be resonating with victims, causing them to pay out money, and the longevity of this particular scam is unusual.

The culprits behind these scams are believed to be organized criminal networks, primarily from China, operating from various international locations, including Southeast Asia. Clay noted that these groups are establishing extensive operations, often in remote areas, aptly referred to as “big data centers in the jungle,” where scammers are employed.

Absent major news events that typically trigger scams, the toll scheme has effectively taken center stage, but Clay predicts that schemes tied to tax season will soon emerge.

One of the most troubling aspects of these scams is their low cost and ease of execution for the perpetrators. Scammers can purchase phone numbers in bulk and send out millions of texts. Though the toll fee often mentioned is as low as $3, the real target is the personal information that victims submit, which holds significantly more value for further fraudulent activities.

Aidan Holland, a senior security researcher at the threat research platform Censys, has been investigating the toll scam phenomenon. He estimates that scammers operate around 60,000 domains—an investment of approximately $90,000—which suggests that the returns are substantial enough to warrant such expenditure.

State Toll Systems Under Attack

The fraudulent domains often mimic the names of legitimate state-run toll systems, such as Georgia’s Peach Pass, Florida’s Sun Pass, and Texas’s Texas Tag. Holland has traced these domains to Chinese networks, reinforcing the belief that the operations originate from within China.

Even with iPhones equipped with a feature designed to remove malicious links from texts, hackers are adapting their strategies, complicating matters for users. Holland pointed out that Apple has not responded to inquiries regarding these ongoing scams, while Android devices may block repetitive spam messages, albeit with the understanding that scammers will simply switch to new numbers.

Ohio officials first noted the toll scam in April 2024, but reports have surged in recent weeks, as more people come forward. The Ohio Turnpike’s customer service center has recorded a significant spike in calls regarding the scam, although the recent trend shows a decrease, likely due to heightened awareness among the public.

In response to the rising concerns, the Ohio Turnpike and Infrastructure Commission released a public service announcement to educate residents about the scam. Other states, including Louisiana and Vermont, have also warned their populations of the ongoing threat.

Experts suggest that scammers thrive on human emotions, leveraging fear and urgency to prompt hasty decisions from victims. Amy Bunn, an online safety advocate at McAfee, noted that the accessibility of AI tools has exacerbated the issue, enabling cybercriminals to craft more convincing messages that elicit sensitive personal information.

McAfee’s research indicates that toll scams surged almost fourfold between early January and late February of this year. Even if an individual recognizes a text as a scam, it is advisable not to respond in any capacity, as even a simple reply can confirm that a phone number is active, making it a target for future scams.

Holland expressed concern for the vulnerable segments of the population, such as the elderly and those lacking technological proficiency, who may unwittingly engage with these fraudulent communications. Conversely, others may find it easier to identify such scams. For example, Millie Lewis, a 77-year-old resident of Cleves, Ohio, recounted receiving her first scam text. With a self-declared 30-year hiatus from driving, she simply deleted the message.

Source
www.cnbc.com