{"id":25120,"date":"2024-08-27T06:10:28","date_gmt":"2024-08-27T14:10:28","guid":{"rendered":"https:\/\/www.palada.net\/index.php\/2024\/08\/27\/news-18850\/"},"modified":"2024-08-27T06:10:28","modified_gmt":"2024-08-27T14:10:28","slug":"news-18850","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/08\/27\/news-18850\/","title":{"rendered":"SMS scammers use toll fees as a lure"},"content":{"rendered":"\n<p>In April 2024, the FBI <a href=\"https:\/\/www.ic3.gov\/Media\/Y2024\/PSA240412\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">warned<\/a> about a new type of smishing scam.<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/what-is-smishing\">Smishing<\/a> is the term we use for phishing attacks sent via text message. This particular smishing scam tries to trick users into clicking a link by telling them they owe a \u201csmall amount\u201d in toll fees.<\/p>\n<p>The scammers send a text claiming that the recipient owes money for unpaid tolls.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"438\" height=\"358\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/08\/example1.jpg\" alt=\"We've noticed an outstanding toll amount\" class=\"wp-image-116421\" \/><figcaption class=\"wp-element-caption\">Redacted example of toll smishing text<\/figcaption><\/figure>\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>\u201cPA Turnpike Toll Services: We\u2019ve noticed an outstanding toll amount of $12.51 on your record. To avoid a late fee of $50.00 visit [URL to fake site] to settle your balance.\u201d<\/p>\n<\/blockquote>\n<p>It looks as if the targets are chosen randomly, but if you&#8217;ve been on a recent summer trip or will be visiting your relatives during the holiday season the chances are higher that you will believe this type of text. 
Nobody is going to fool you into paying (extra) for your daily commute, right?<\/p>\n<p>Because of the relatively low amount, people may decide to settle the payment before the amount rises.<\/p>\n<p>One of the URLs we tracked for this campaign was myturnpiketollservices[.]com, which was active from early April until late May. Some others have only been active for a few days.<\/p>\n<p>On the fake website, which is a really convincing copy of the original, visitors are asked to fill out their details like phone numbers, email addresses, full name, address, and their credit card details. Scammers will happily abuse any information that you enter for other malicious activities like identity theft and financial fraud.<\/p>\n<figure class=\"wp-block-image aligncenter size-full\"><img decoding=\"async\" loading=\"lazy\" width=\"448\" height=\"703\" src=\"https:\/\/www.malwarebytes.com\/wp-content\/uploads\/sites\/2\/2024\/08\/site1.png\" alt=\"Tolls by Mail website mimicked by a scammer\" class=\"wp-image-116422\" \/><figcaption class=\"wp-element-caption\">Tollsinfosny[.]com mimicking the legitimate Tollsbymailny.com<\/figcaption><\/figure>\n<p>These attacks are not just increasing in numbers in the US; smishing scammers are also targeting people in Australia, Canada, and Japan now.<\/p>\n<h2 class=\"wp-block-heading\" id=\"h-how-to-avoid-falling-for-a-smishing-scam\">How to avoid falling for a smishing scam<\/h2>\n<ul>\n<li>Check the phone number that the text message comes from. Some of the scams above were easy to dismiss because they came from telephone numbers outside the US.<\/li>\n<li>Look for the actual site that handles the alleged toll fees and compare the domain name. Sometimes there is only a small difference, so inspect it carefully.<\/li>\n<li>If you decide to pay, an alarm should go off if you don\u2019t receive confirmation. Official toll agencies will send confirmation after collecting payments. 
If you don\u2019t receive confirmation, it\u2019s time to investigate and maybe freeze your credit card.<\/li>\n<li>Never interact with the scammer in any way. Every reaction provides them with information, even if it\u2019s only that the phone number is in use.<\/li>\n<li>If you think the toll fee is feasible because you have indeed travelled in that area, check on the official toll service&#8217;s website or call their customer service number.<\/li>\n<li>The FBI asks that if you receive a suspicious message, contact the FBI Internet Crime Complaint Center at <a href=\"https:\/\/www.ic3.gov\/\">ic3.gov<\/a>. Be sure to include the phone number from where the text originated, and the website listed within the text.<\/li>\n<\/ul>\n<h2 class=\"wp-block-heading\" id=\"h-involved-domains\"><strong>Involved domains<\/strong><\/h2>\n<p><strong>Several of these were hosted at the IP:<\/strong><\/p>\n<p>45.8.92[.]38<\/p>\n<p><a href=\"https:\/\/www.malwarebytes.com\/blog\/news\/2024\/08\/sms-scammers-use-toll-fees-as-a-lure\" target=\"bwo\" >https:\/\/blog.malwarebytes.com\/feed\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p> Scammers are increasingly using toll fees as a lure in smishing attacks with the aim of grabbing victims&#8217; personal details and credit card information. <\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10488,10378],"tags":[32,12795,10438,31828],"class_list":["post-25120","post","type-post","status-publish","format-standard","hentry","category-malwarebytes","category-security","tag-news","tag-smishing","tag-threats","tag-toll"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25120","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=25120"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/25120\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=25120"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=
25120"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=25120"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}