Bill Toulas reports:
An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.
The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information including names, email addresses, physical addresses, and credit card information.
This scam is not new, with the FBI warning about it in April 2024, but BleepingComputer has seen and received multiple reports of a surge in this mobile phishing campaign.
Read more at BleepingComputer.
DataBreaches had also seen these E-ZPass smishing attempts, but sometimes, timing is everything. People who recently received legitimate invoices from E-ZPass in New York for toll road charges and who tried to use the real website during the past week will have seen a notice that the sites were unreachable due to maintenance and updating work. The message on the site currently says:
To improve service to our customers, we are upgrading our systems from 7:00 pm on 04/09/2025 to 11:59 pm on 04/14/2025. During this upgrade process, the automated phone system, customer service representatives, and account access from the website or mobile app will be unavailable for several days. Please make note of this temporary service change when managing your account.
Anyone receiving a scam message during this period may be more inclined to click on any link in the message to pay, but don’t click.
NY’s E-ZPass site has this warning:
IMPORTANT MESSAGES and ALERTS
SCAM ALERT: SMiShing Scam –We have recently learned of an SMS text message scam attempting to collect unpaid tolls. Some messages reference fictitious names like “NY Toll Services,” while others fraudulently use the names of legitimate tolling programs such as E-ZPass or the Congestion Relief Zone, formerly known as the Central Business District Tolling Program. Please be advised these are NOT authorized communications from E-ZPass New York or other Tolling Authorities associated with E-ZPass program. We strongly advise you NOT to click the link to the website contained within the message you receive. E-ZPass New York will never ask for a customer’s Date of Birth, Social Security Number, or other personally identifiable information. Real communications from E-ZPass New York will only refer customers to the following official websites: E-ZPassNY.com and TollsByMailNY.com. If you receive a fraudulent SMS and would like to file a complaint with the FBI’s Internet Crime Complaint Center, please visit www.ic3.gov. This is a site dedicated to sharing information on Internet crimes across law enforcement agencies.