Toll road text scams have surged by a staggering 900% in the past three months, raising alarms across the United States. The scams are believed to be orchestrated by Chinese criminal gangs operating from Southeast Asia. These fraudulent schemes are targeting smartphone users, exploiting both iPhone and Android platforms. The scams involve fake notifications mimicking state-run toll systems such as Georgia's Peach Pass, Florida's Sun Pass, and Texas's Texas Tag.
The scams employ a sophisticated approach, utilizing 60,000 domains purchased in bulk for approximately $90,000. The perpetrators use names like "FastTrak" to lend credibility to their deceitful messages. These scams have been identified in various states including Georgia, Florida, Texas, Louisiana, and Vermont. Affected individuals receive text messages that appear to be legitimate toll fee notifications, urging them to click on links that ultimately harvest personal information.
Cybersecurity firm Trend Micro has observed a dramatic increase in searches for "toll road scams," reflecting growing public concern. The Ohio Turnpike and Infrastructure Commission has also released a public service advertisement warning residents about the fraudulent texts.
"Scammers want people to panic, not pause, so they use fear and urgency to rush people into clicking before they spot the scam." – Amy Bunn, online safety advocate at McAfee
The scams are not merely interested in extracting a nominal $3 toll fee. Once personal information is obtained, it can be exploited for further fraudulent activities. This has led to heightened concerns among cybersecurity experts and law enforcement agencies alike.
"Once they have that, they can scam you for other things." – Jon Clay, vice president of threat intelligence at Trend Micro
The scams' effectiveness is partly due to their ability to circumvent security features on smartphones. Apple's safety feature, which typically strips links from texts, has proven ineffective against these scams. Android devices attempt to mitigate the issue by adding numbers to spam lists; however, scammers simply change numbers to continue their operations.
"Apple doesn't do anything about it…. Android will add it to their spam list so you won't get texts from the same number, but then the scammers will just change numbers." – Clay
The mass proliferation of these scams suggests a high level of organization and resource allocation by the criminals involved. The purchase of tens of thousands of domains indicates a substantial investment in infrastructure.
"They are basically building big data centers in the jungle." – Jon Clay, vice president of threat intelligence at Trend Micro
The scams highlight the vulnerabilities within digital communication systems and the ease with which cybercriminals can manipulate them. As technology evolves, so too do the methods employed by those seeking to exploit it. The use of artificial intelligence tools has further enabled scammers to craft convincing messages that easily deceive unsuspecting individuals.
"Greater access to AI tools helps cybercriminals create a higher volume of convincing text messages that trick people into sharing sensitive personal or payment information – like they'd enter when paying a toll road fine." – Amy Bunn, online safety advocate at McAfee