A newly discovered phishing operation that mimics E-ZPass and other toll agencies has grown recently. Based on reports, numerous people are receiving iMessage and SMS texts aimed at stealing personal and credit card information.
The messages contain links that, once recipients click, redirect them to a phishing site impersonating toll authorities such as E-ZPass, The Toll Roads, FasTrak, and the Florida Turnpike. This tactic allegedly allows the threat actors to harvest personal information such as names, email addresses, physical addresses, and credit card numbers.
Authorities stated that this scam is not new, as they already released warnings about it last year. However, researchers recently observed and received reports of new instances of this phishing effort.
The SMS messages also evade anti-spam filtering and appear to be sent from seemingly random email addresses. This detail implies that the operators use automation to disseminate the phishing messages.
Most of the observed scam SMS messages claim to be from E-ZPass, with others claiming to be from the Department of Motor Vehicles. The messages use wording that conveys a sense of urgency, such as a toll that must be paid within a day, additional charges for non-compliance, or revocation.
Apple iMessage automatically disables links in messages from unknown senders to safeguard users against SMS phishing attacks. To circumvent this security feature, the scammers prompt recipients to reply to the text, which makes the links clickable.
Tapping the offered link brings the victim to an E-ZPass phishing site that appears authentic apart from its URL. Researchers tested the link and found that the phishing website only renders on mobile devices, so desktop users would not see it.
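The traits described above (toll-agency branding, urgency wording, a prompt to reply so links become clickable, a link, and an email-style sender) can be turned into a simple triage rule for inbound text reports. The following is an added example, not code from the original article or from any toll agency; the brand list comes from the article, while the regex patterns, threshold, and sample messages are constructed for illustration.

```python
import re
from typing import NamedTuple

# Brands the article reports being impersonated.
TOLL_BRANDS = ("e-zpass", "ezpass", "the toll roads", "fastrak",
               "florida turnpike", "department of motor vehicles", "dmv")
# Urgency cues and other patterns: constructed approximations of the wording described.
URGENCY = (r"within (one|1|24) (day|hours?)", r"late fee", r"penalt",
           r"additional (charge|fee)", r"revok", r"suspend", r"final notice")
REPLY_PROMPT = r"\b(reply|respond|text)\b.{0,40}\b(y|yes)\b"
URL = r"https?://\S+|\b[\w-]+\.[a-z]{2,}(/\S*)?"


class Verdict(NamedTuple):
    score: int            # number of indicators matched
    indicators: tuple     # which indicators matched, for analyst review


def score_sms(sender: str, body: str) -> Verdict:
    """Heuristic triage of one text message; each matched indicator adds one point."""
    text = body.lower()
    hits = []
    if any(brand in text for brand in TOLL_BRANDS):
        hits.append("toll_brand")
    if any(re.search(pattern, text) for pattern in URGENCY):
        hits.append("urgency")
    if re.search(REPLY_PROMPT, text):
        hits.append("reply_to_enable_links")   # the iMessage link-unlock trick
    if re.search(URL, text):
        hits.append("link")
    if "@" in sender:                            # email-style sender instead of a number
        hits.append("email_sender")
    return Verdict(len(hits), tuple(hits))


def is_suspect(sender: str, body: str, threshold: int = 3) -> bool:
    """Flag for blocking/reporting when enough indicators co-occur (threshold is a tuning choice)."""
    return score_sms(sender, body).score >= threshold


# Constructed sample messages; the domain is a placeholder, not a real indicator.
SMISH = ("ezpass-notice@example.net",
         "E-ZPass: You have an unpaid toll. To avoid a late fee of $35 pay within 1 day at "
         "https://ezpass-example.invalid/pay. Reply Y and reopen this message to click the link.")
BENIGN = ("+15551234567", "Hi, are we still on for dinner at 7? Reply yes if so.")

if __name__ == "__main__":
    for sender, body in (SMISH, BENIGN):
        print(is_suspect(sender, body), score_sms(sender, body))
```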
The volume of texts sent in this scam is so large that numerous users have expressed annoyance at the amount and persistence of the phishing attempts. Recent reports claimed that recipients receive about seven such messages per day.
Although the origin of the messages has yet to be confirmed, a growing phishing-as-a-service platform could be linked to these schemes.
Users who receive such messages should block and report the number to the relevant parties. Lastly, users should avoid replying to these frauds, because a reply confirms an active number to the cybercriminals and invites future attempts.
