Fake Toll Road Scam Texts are Everywhere. These Cities are The Most Targeted. | McAfee Blog

Look both ways for a new form of scam that’s on the rise, especially if you live in Dallas, Atlanta, Los Angeles, Chicago, or Orlando — fake toll road scams. They’re the top five cities getting targeted by scammers. 

We’ve uncovered plenty of these scams, and our research team at McAfee Labs has revealed a major uptick in them over the past few weeks. Fake toll road scams have nearly quadrupled at the end of February compared to where they were in January.  

Figure 1. A chart showing the increasing frequency and volume of toll road scam messages

What is a toll road scam? 

The scams play out like this:  

Ping. You get a text notification. It says you have an unpaid tab for tolls and that you need to pay right away. And like many scams, it contains a link where you can pay up. Of course, that takes you to a phishing site that asks for your payment info (and sometimes your driver’s license number or even your Social Security number), which can lead to identity fraud and possibly identity theft. 

Here’s one example that our Labs team tracked down. Pay close attention to the link. It follows the form of a classic scammer trick by altering the address of a known company so that it looks legit. 

Figure 2. A screenshot showing an example of a Toll Roads scam text 

The scam messages come in multiple varieties, however, so it’s important to stay vigilant of both your text and email inboxes. McAfee Labs found, for example, that some text messages and emails included PDFs while others included links using popular URL shortener services such as bit.ly, shorturl.at, qrco.de, and short.gy. The use of URL shorteners can also falsely create a sense of security when people recognize the popular format and don’t see typos or suspicious parts of the full URL. 

Figure 3. A screenshot of a toll road scam text that urges recipients to open a PDF 

Additionally, these scammers put in a lot of effort to create legitimate-looking web pages and notices. Note how the following example does its best to look like branded digital letterhead. And, as usual, it uses urgent language about fines and legal action to help make sure you “Pay Now.” 

Figure 4. An example of a PDF included in a scam toll road text message
 

Why so many toll road scams?  

They work. Scammers target their victims by matching them with the toll payment service in their city or state, which makes the scam look extra official. For example, a scammer would use an “E-ZPass” email to target someone in Orlando, our #5 city for toll road scams, which is one of the 19 states that E-ZPass serves. In southern California, victims get hit with phony texts from scammers posing as “The Toll Roads,” which is a payment service in that region. 

The apparent legitimacy combined with the emotional sense of urgency creates the perfect snare for scammers.  

Now, about those URLs to phishing sites. We mentioned that scammers take the URLs of known toll payment services and add some extra characters to them. In other cases, they’ve latched on to the root term “paytoll” as well. Our research team dug up several examples of fake toll sites, including: 

1. paytollbysuab[dot]top/pay  
2. thetollroads-paytollhmm[dot]world  
3. thetollroads-paytollxtd[dot]world/us  
4. thetollroads-paytollwpc[dot]world/us  
5. thetollroads-paytollolno[dot]xin/us  
6. thetollroads-paytollktc[dot]world/us  
7. thetollroads-paytoll[dot]world/us  
8. paytollmit[dot]vip  
9. paytollaqs[dot]vip  
10. paytollcqb[dot]top/ezdrivema  

Of course, don’t follow any of those links. And something else about those links — you can see scammers dot-top, dot-vip, and dot-xin. These domains are cheap, available, and easy to purchase, which makes them attractive to scammers. 

The cities facing the biggest influx of toll road scams 

According to McAfee Labs research, the following U.S. cities are experiencing the most of these scam texts: 

1. Dallas, Texas  
2. Atlanta, Georgia  
3. Los Angeles, California  
4. Chicago, Illinois  
5. Orlando, Florida  
6. Miami, Florida  
7. San Antonio, Texas  
8. Las Vegas, Nevada  
9. Houston, Texas  
10. Denver, Colorado 
11. San Diego, California  
12. Phoenix, Arizona  
13. Seattle, Washington  
14. Indianapolis, Indiana  
15. Boardman, Ohio 

Figure 5. The top cities where toll road scams are most prevalent 

Avoiding toll road scams 

The scam has gotten so out of hand that the U.S. Federal Trade Commission (FTC) has issued a warning about it. They offer up the following advice: 

• Don’t click on any links in, or respond to, unexpected texts. Scammers want you to react quickly, but it’s best to stop and check it out. 

• Check to see if the text is legit. Reach out to the state’s tolling agency using a phone number or website you know is real — not the info from the text. 

• Report and delete unwanted text messages. Use your phone’s “report junk” option to report unwanted texts to your messaging app or forward them to 7726 (SPAM). Once you’ve checked it out and reported it, delete the text. 

We’ll add to that too, with: 

• If in doubt, use a search engine to locate the toll websites in your area. 

• Report suspicious texts to www.ic3.gov so that law enforcement can track them and warn others about them. 

• Get text scam protection. Our Text Scam Detector automatically detects scams by scanning URLs in your text messages. If you accidentally tap or click? Don’t worry, it blocks risky sites if you follow a suspicious link. 

Additional examples of phishing pages found by McAfee

The following images show additional phishing pages and links McAfee found in relation to different toll road scams.

Introducing McAfee+

Identity theft protection and privacy for your digital life

Download McAfee+ Now