DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

E-ZPass toll payment texts return in massive phishing wave

Posted on April 8, 2025 by Dissent

Bill Toulas reports:

An ongoing phishing campaign impersonating E-ZPass and other toll agencies has surged recently, with recipients receiving multiple iMessage and SMS texts to steal personal and credit card information.

The messages embed links that, if clicked, take the victim to a phishing site impersonating E-ZPass, The Toll Roads, FasTrak, Florida Turnpike, or another toll authority that attempts to steal their personal information including names, email addresses, physical addresses, and credit card information.

This scam is not new, with the FBI warning about it in April 2024, but BleepingComputer has seen and received multiple reports of a surge in this mobile phishing campaign.

Read more at BleepingComputer.

DataBreaches had also seen these E-ZPass smishing attempts, but sometimes, timing is everything. People who recently received legitimate invoices from E-ZPass in New York for toll road charges and who tried to use the real website during the past week will have seen a notice that the sites were unreachable due to maintenance and updating work. The message on the site currently says:

To improve service to our customers, we are upgrading our systems from 7:00 pm on 04/09/2025 to 11:59 pm on 04/14/2025. During this upgrade process, the automated phone system, customer service representatives, and account access from the website or mobile app will be unavailable for several days. Please make note of this temporary service change when managing your account.

Anyone receiving a scam message during this period may be more inclined to click on any link in the message to pay, but don’t click.

NY’s E-ZPass site has this warning:

IMPORTANT MESSAGES and ALERTS
SCAM ALERT: SMiShing Scam –We have recently learned of an SMS text message scam attempting to collect unpaid tolls. Some messages reference fictitious names like “NY Toll Services,” while others fraudulently use the names of legitimate tolling programs such as E-ZPass or the Congestion Relief Zone, formerly known as the Central Business District Tolling Program. Please be advised these are NOT authorized communications from E-ZPass New York or other Tolling Authorities associated with E-ZPass program. We strongly advise you NOT to click the link to the website contained within the message you receive. E-ZPass New York will never ask for a customer’s Date of Birth, Social Security Number, or other personally identifiable information. Real communications from E-ZPass New York will only refer customers to the following official websites: E-ZPassNY.com and TollsByMailNY.com. If you receive a fraudulent SMS and would like to file a complaint with the FBI’s Internet Crime Complaint Center, please visit www.ic3.gov. This is a site dedicated to sharing information on Internet crimes across law enforcement agencies.

 

Category: Miscellaneous

Post navigation

← When the victimizers become the victims…. RansomHub the victim of a takeover?
2024 Year in Review: Data Breach Litigation →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • 16 Defendants Federally Charged in Connection with DanaBot Malware Scheme That Infected Computers Worldwide
  • Russian national and leader of Qakbot malware conspiracy indicted in long-running global ransomware scheme
  • Texas Doctor Who Falsely Diagnosed Patients as Part of Insurance Fraud Scheme Sentenced to 10 Years’ Imprisonment
  • VanHelsing ransomware builder leaked on hacking forum
  • Hack of Opexus Was at Root of Massive Federal Data Breach
  • ‘Deep concern’ for domestic abuse survivors as cybercriminals expected to publish confidential abuse survivors’ addresses
  • Western intelligence agencies unite to expose Russian hacking campaign against logistics and tech firms
  • Disrupting Lumma Stealer: Microsoft leads global action against favored cybercrime tool
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • Privilege Under Fire: Protecting Forensic Reports in the Wake of a Data Breach

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • Widow of slain Saudi journalist can’t pursue surveillance claims against Israeli spyware firm
  • Researchers Scrape 2 Billion Discord Messages and Publish Them Online
  • GDPR is cracking: Brussels rewrites its prized privacy law
  • Telegram Gave Authorities Data on More than 20,000 Users
  • Police secretly monitored New Orleans with facial recognition cameras
  • Cocospy stalkerware apps go offline after data breach
  • Drugmaker Regeneron to acquire 23andMe out of bankruptcy

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.