133/68 Tuesday, April 8, 2025
A growing SMS phishing campaign is targeting users by impersonating E-ZPass and other toll collection agencies such as FasTrak and the Florida Turnpike. Victims are receiving fraudulent iMessages and SMS messages designed to steal personal and credit card information.
The messages typically claim that the recipient has unpaid toll fees or faces driver’s license suspension, prompting them to click on a malicious link. These links redirect users to spoofed websites that closely mimic legitimate toll agency pages but are only viewable on mobile devices, making it harder for traditional phishing scanners to detect the pages. Although the FBI issued a warning about this scam in April 2024, recent months have seen a sharp rise in attacks.
Cybercriminals are reportedly using phishing-as-a-service (PhaaS) platforms like Lucid and Darcula to send these messages via encrypted iMessage and RCS, bypassing traditional SMS spam filters and avoiding carrier fees. In some cases, victims reported receiving up to seven phishing messages per day. While Apple has attempted to mitigate the issue by blocking links from unknown senders, attackers often trick users into replying first, which activates the malicious link.
Experts recommend blocking and reporting suspicious numbers immediately. Always verify toll charges by visiting the official websites of the toll agencies—do not click on links from unverified messages. These attacks rely on creating urgency and fear to trick victims into revealing sensitive data. Users are urged to stay cautious and avoid responding to messages that demand immediate action unless confirmed through a trusted source.
