Beware of Toll Scam Texts: How Cybercriminals are Targeting U.S. Drivers
Drivers across the U.S. are being bombarded with fraudulent text messages claiming to come from toll operators like E-ZPass.
These messages threaten fines for unpaid toll fees and aim to steal personal and financial information. Security experts warn that these scams are becoming more sophisticated, driven by new phishing tools developed and sold in China.
Recently, the Massachusetts Department of Transportation (MassDOT) issued an alert about a smishing campaign targeting users of its EZDriveMA tolling program. Victims who click the links in these texts are asked to provide credit card details and, in some cases, verify a one-time password (OTP) sent via SMS or authentication apps.
This phishing module for spoofing MassDOT’s EZDrive toll system was offered on Jan. 10, 2025 by a China-based SMS phishing service called “Lighthouse.”
Similar scams have been reported in other states, including Florida (targeting SunPass users), Texas (North Texas Toll Authority), California, Colorado, Connecticut, Minnesota, and Washington. These phishing attacks often involve realistic-looking websites that mimic official toll authority sites but only function on mobile devices, making them even more convincing to unsuspecting users.
According to Ford Merrill, a security researcher at SecAlliance, the volume of toll-related phishing attacks surged after the New Year. This spike coincides with updates to commercial phishing kits developed by Chinese cybercriminal groups. These kits now include templates designed specifically to impersonate toll operators in multiple states.
Merrill notes that these kits, sold widely in underground markets, are part of a larger trend. Criminals have used similar tactics to impersonate shipping companies, tax agencies, and immigration services, often targeting individuals new to a country or in vulnerable positions. The ultimate goal is to steal payment card details, add them to mobile wallets, and make fraudulent purchases or launder money through shell companies.
To protect yourself from these scams:
- Verify the source: Avoid clicking links in unsolicited text messages. Instead, visit the official website of your toll provider directly
- Enable multi-factor authentication (MFA): Use MFA for online accounts to add an extra layer of security
- Monitor your accounts: Regularly review bank and credit card statements for unauthorized transactions
- Report scams: Notify your local toll authority and file a report with the Federal Trade Commission (FTC) if you receive suspicious messages
As these scams grow more sophisticated, staying vigilant is essential. By understanding how these phishing schemes operate, you can better protect yourself and your personal information.
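As an added, defender-side illustration (this is not code from the original post, from KnowBe4, or from the Krebs article), the script below applies the "verify the source" advice above to a few constructed SMS messages: it extracts any link, checks the link's host against an allowlist of the toll operator's own domains, and flags a toll-brand name appearing inside an unrecognised hostname together with unpaid-toll or fine pressure wording. The brand strings come from the operators named in this post; the allowlist entries, sample messages, hostnames and scoring thresholds are constructed assumptions, and the `.example` hosts are placeholders you would replace with the domain printed on your own toll statements.

```python
import re
from urllib.parse import urlparse

# Toll programs the post names as being impersonated (lower-case, for substring matching).
TOLL_BRANDS = ("e-zpass", "ezpass", "ezdrivema", "ezdrive", "sunpass", "north texas toll", "ntta")

# Hosts you actually trust for your toll account. CONSTRUCTED placeholders: replace them
# with the domain printed on your toll authority's own statements or transponder paperwork.
OFFICIAL_HOSTS = {"toll-authority.example", "www.toll-authority.example"}

# Pressure wording typical of unpaid-toll lures (assumed list; tune for your own traffic).
URGENCY_TERMS = ("unpaid", "overdue", "outstanding", "final notice", "penalty", "fine",
                 "suspend", "within 24 hours", "immediately", "avoid")

# Full http(s) URLs, or bare domains such as pay.example.org/x, which smishing texts often use.
URL_RE = re.compile(r"https?://\S+|\b(?:[a-z0-9-]+\.)+[a-z]{2,}\b(?:/\S*)?", re.IGNORECASE)


def extract_urls(text: str) -> list[str]:
    """Return every URL-looking token in the message, stripped of trailing punctuation."""
    return [m.group(0).rstrip(".,;:!?)") for m in URL_RE.finditer(text)]


def host_of(url: str) -> str:
    """Hostname of a URL; bare domains get a scheme so urlparse treats them as a netloc."""
    if not re.match(r"https?://", url, re.IGNORECASE):
        url = "http://" + url
    return (urlparse(url).hostname or "").lower()


def score_sms(text: str) -> dict:
    """Score one SMS for toll-smishing indicators; returns score, verdict and the reasons."""
    low = text.lower()
    reasons = []
    brand_in_text = any(b in low for b in TOLL_BRANDS)
    urgent = any(term in low for term in URGENCY_TERMS)

    for url in extract_urls(text):
        host = host_of(url)
        if host in OFFICIAL_HOSTS:
            continue  # link goes to the operator's own site; nothing to flag for this URL
        reasons.append(f"link to unrecognised host {host}")
        # Lookalike check: a brand name embedded in a hostname that is not on the allowlist
        # (hyphens and spaces removed so e-zpass / ezpass compare alike).
        flat_host = host.replace("-", "")
        if any(b.replace("-", "").replace(" ", "") in flat_host for b in TOLL_BRANDS):
            reasons.append(f"toll brand name used in unofficial host {host}")

    if brand_in_text and urgent:
        reasons.append("toll brand combined with unpaid-toll / fine pressure wording")

    score = len(reasons)
    if score >= 2:
        verdict = "likely smishing"
    elif score == 1:
        verdict = "suspicious"
    else:
        verdict = "no indicators"
    return {"score": score, "verdict": verdict, "reasons": reasons}


# CONSTRUCTED sample messages; hostnames use reserved example domains only.
SAMPLE_SMS = [
    "EZDriveMA: your vehicle has an unpaid toll of $4.15. Pay now to avoid a $50 fine: "
    "https://ezdrivema-pay.lookalike.example/bill",
    "Your monthly E-ZPass statement is ready. Log in at https://www.toll-authority.example/account",
    "Reminder: dentist appointment Tuesday at 3pm. Reply C to confirm.",
    "Final notice: settle your balance today at http://pay-bill.example.net/x",
]


def triage(messages: list[str]) -> list[str]:
    """Verdict for each message, in input order."""
    return [score_sms(m)["verdict"] for m in messages]


if __name__ == "__main__":
    for msg in SAMPLE_SMS:
        result = score_sms(msg)
        print(f"[{result['verdict']}] {msg}")
        for reason in result["reasons"]:
            print("   -", reason)
```

Any link to a host outside the allowlist earns one point on its own, which matches the advice not to click links in unsolicited texts at all: a message with a single unfamiliar link is reported as "suspicious", and it takes a brand lookalike in the hostname or brand-plus-pressure wording to reach "likely smishing". The word list is deliberately small; in practice you would keep the allowlist authoritative and treat everything else as a reason to open the operator's site by typing its address yourself.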
KnowBe4 empowers your workforce to make smarter security decisions every day. Over 70,000 organizations worldwide trust the KnowBe4 platform to strengthen their security culture and reduce human risk.
KrebsOnSecurity has the story.
Will your users respond to phishing emails?
KnowBe4’s Phishing Reply Test (PRT) is a complimentary IT security tool that makes it easy for you to check to see if key users in your organization will reply to a highly targeted phishing attack without clicking on a link. PRT will give you quick insights into how many users will take the bait so you can take action to train your users and better protect your organization from these fraudulent attacks!
Here’s how it works:
- Immediately start your test with your choice of three phishing email reply scenarios
- Spoof a sender’s name and email address your users know and trust
- Phish for user replies and get the results back within minutes
- Get a PDF emailed to you within 24 hours with the percentage of users that replied
PS: Don’t like to click on redirected buttons? Cut & Paste this link in your browser: https://info.knowbe4.com/phishing-security-test-partner?partnerid=001a000001lWEoJAAW