Highway toll text scams are on the rise, and Apple can't completely stop them


Highway text scams are a big problem that's continuing to grow with the use of at least 60,000 domain names. There's little Apple can do about it, but you can protect yourself. Here's what's going on.

Cars at an automated toll - Image Credit: David McElwee/Pexels



Owners of iPhones and other smartphones across the United States are routinely plagued by text message scams. For scam messages about alleged automated toll road fees, the problem is getting worse.

According to Trend Micro, there has been a 900% increase in searches for "toll road scams," a sign that more people are being affected by the criminal activity.

It's a common-enough scam that members of AppleInsider's editorial team have received them. One does actually have an EZ-Pass that they use regularly.

The effects are also being felt by law enforcement. The FBI has issued a warning not to respond to such scam messages, after it had received more than 2,000 complaints in the last month.

A breakdown of a scam



On the face of it, the scam is simple to understand. Messages are sent out to potential targets, claiming that if they don't pay a lane toll, they could receive a fine or a worse penalty. The messages can vary by state, such as by referencing the widely used EZ-Pass, or specific Florida Sun Pass or Texas Tag systems, to make them slightly more believable to victims.

The cost demanded, a few dollars, is also seen as a very low and easily payable barrier to avoid further penalties. However, the real reason for the scam is for the scammer to acquire the personal information and payment details of the victim, which can then be abused to siphon off even more funds in future.

SCAM alert: Seeing reports of texts from "toll authorities" threatening increased fines/suspended license for unpaid tolls. Do not click the link!
Some hints it's a scam: We never refer to ourselves as the DMV. We also never contact you via unsolicited text #wyoroad pic.twitter.com/xbFVK3Q6C7

-- Wyoming Department of Transportation (@WYDOTNews)



The rise of the scam is partly down to the relatively cheap cost to scammers in the first place, combined with its effectiveness.

This includes buying domain names that victims are sent to in order to pay the "fines." It is believed that there are at least 60,000 domains in use, which probably cost the criminals about $90,000.

The bulk buying of phone numbers is also relatively cheap for gangs, allowing them to secure the details of many potential victims. The cost is so low, they can send out millions of texts as part of their campaign.

Apple safety feature failure



Despite the sheer number of domains and the prevalence of the scam, it's still something that has continued to grow. The perpetrators are believed to be largely Chinese criminal gangs, after domains were tracked back to Chinese networks.

With it being so much of a danger, it's expected that companies like Apple could step in and thwart the scheme. The problem is, Apple has actually tried to do something about it.

Anybody getting these scam toll text messages lately? The instructions provided to get around Apple's security feature is laughable pic.twitter.com/7X0DeWkbQ0

-- D. Alex Vaughn (@iAmDAlex)



An iPhone safety feature is meant to strip the link out from text in a message, making it easier for consumers to check whether the link is legitimate or a scam.

Unfortunately, those operating the messaging scheme have come up with ways to avoid Apple's safety feature. However, the messages often request a reply from the user of the letter "Y" and to re-open the text to see an active link.

Protecting yourself



While there is little anyone can do to stop the messages from coming through, there are still things users can do about it.

For a start, iPhone users can block and report the email address or phone number sending the scam messages. This can be done on the iPhone, blocking further messages from those origins, but it won't prevent attackers from sending them from a different number or address.

In a repeat of guidance from 2024, the FBI also advises anyone receiving the scam messages to file a complaint through the IC3 Internet crime complaint center. After filing the complaint, delete the messages.




Comments

  • Reply 1 of 15
    sflocalsflocal Posts: 6,156member
    Ironically, as I was reading this article on my iPhone, I got a toll-scam text message exactly like what was listed in the article.

    I hope someone out there hunts these people down.  China or not, there's a special place in Hell for these degenerates.
    mike1watto_cobra
     2Likes 0Dislikes 0Informatives
  • Reply 2 of 15
    DAalsethdaalseth Posts: 3,254member
    I get these, I just block and report them. It’s easy to recognize the scams because there are no toll roads anywhere near me. 
    williamlondonwatto_cobra
     1Like 1Dislike 0Informatives
  • Reply 3 of 15
    DAalseth said:
    I get these, I just block and report them. It’s easy to recognize the scams because there are no toll roads anywhere near me. 
    I only encounter a toll road maybe once every 3 - 4 months, but got the scam within 24hr of my last trip, so it seemed plausible.  Except that [1] the DMV doesn't collect tolls, [2] the tollway allows 7 days to pay online (vs. the immediate payment demanded by the scam), [3] my tollway account showed that the tolls had been collected, and [4] the link provided was in a foreign country. That's 4 red flags, besides the absurdity of it.
    DAalsethshaminowatto_cobra
     3Likes 0Dislikes 0Informatives
  • Reply 4 of 15
    I get these messages and I don’t live anywhere near a toll road.
    williamlondonwatto_cobra
     1Like 1Dislike 0Informatives
  • Reply 5 of 15
    gatorguygatorguy Posts: 24,726member
    I've received several of these scammy texts over the past few months, as has my wife. I nearly fell for it the first time. I'm hopeful that the new scam detection tools rolling out to Pixel phones later this month address it, and I think they do. 
    watto_cobra
     0Likes 1Dislike 0Informatives
  • Reply 6 of 15
    eriamjheriamjh Posts: 1,820member
    In Michigan, there is no such thing as the DMV.   
    And its equivalent couldn’t give a rat’s áss if I had unpaid tolls.   
    And there are no toll roads in Michigan.   
    edited March 13
    williamlondonwatto_cobra
     1Like 1Dislike 0Informatives
  • Reply 7 of 15
    damonfdamonf Posts: 232member
    Apple could give users the ability to filter messages by keywords they provide in order to offload matching texts into a “Filtered” or “Suspicious” folder. Would be nice to do the same in the Mail app, for items that get through the mail provider’s mail filters. 
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 8 of 15
    baconstangbaconstang Posts: 1,181member
    I had just been through the toll plaza pictured about a week before I got a scam message.  It made me think if I'd not had my FasTrak transponder where it might pick up?  They usually get you with a photo of your plates as you drive through.   Then I remembered reading about this new-ish scam.  Logged into my FasTrak account and I'd been charged correctly.
    If you think you got one, go directly to the agency that deals with tolls.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 9 of 15
    shaminoshamino Posts: 547member
    DAalseth said:
    I get these, I just block and report them. It’s easy to recognize the scams because there are no toll roads anywhere near me. 
    The presence or absence of toll roads is irrelevant.

    It's easy to recognize these as scams because they don't include legitimate URLs.  Instead of having a link to something like "www.ezpassva.com/foo" (something that would be part of the legitimate EZPass Virginia system), they have a link like "ezpass-com.foo.bar", which is a completely different domain that has nothing to do with any legitimate EZPass service.

    Blocking the address is pointless because the next message always comes from a different, also forged, address.

    But absolutely report it, both to Apple and to the FBI.  Especially the FBI.  Although they can't get anything useful from a bogus e-mail address, they can track the URL to the server and start working with the owner to determine where the money is going, and use that to identify the actual scammers.

    If you think you got one, go directly to the agency that deals with tolls.
    No government agency (toll collecting or otherwise) sends out text messages to try and collect on tolls/fines.

    If you did run through a toll plaza without a transceiver, they are going to send a printed notice/bill/invoice to you in the mail, to the address associated with your vehicle's registration.  They're not going to send you a threatening text message, even if they have your phone number on file.  And they won't have that number, because nobody is ever required to supply a phone number when registering a vehicle.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 10 of 15
    gatorguygatorguy Posts: 24,726member
    shamino said:
    No government agency (toll collecting or otherwise) sends out text messages to try and collect on tolls/fines.

    If you did run through a toll plaza without a transceiver, they are going to send a printed notice/bill/invoice to you in the mail, to the address associated with your vehicle's registration.  They're not going to send you a threatening text message, even if they have your phone number on file.  And they won't have that number, because nobody is ever required to supply a phone number when registering a vehicle.

    Some toll agencies do offer text messaging to keep you informed about your account. Our SunPass is one of those. You're correct that they won't attempt to collect a toll that way, but folks would be forgiven for accepting that a DOT might be texting them about their toll accounts for legitimate reasons.
    watto_cobrabaconstang
     1Like 1Dislike 0Informatives
  • Reply 11 of 15
    dewmedewme Posts: 5,971member
    I've received several of these toll collection texts. As more email systems and phone systems try to shut down the spam and malware cannons on those networks there is not a big move to SMS being used for the same purposes.

    Here's the thing that is so laughable about these scams, at least the ones I've received, the country code is in the sender's incoming text. I happen to live in a country with an easy to remember country code of '1'. The toll scams I've been getting are coming from all over the world. The last one was from the Philippines and the previous one from the UK. If you're getting a text from another country, especially one that's 8300 miles away, that in itself should raise a flag, at least for SMS messages coming from outside of the country or region in which you drive.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 12 of 15
    garybaugarybau Posts: 13member
    Sure they are Chinese criminal organisations..but they are based in the USofAmerica.
    the lowest cost servertime, the ability to buy thousands of phone numbers makes it all too easy.
    Just the cost of doing business in the USofamerica.

    TransUrban send email messages that look like a scam!
    Only use the APP is the response, just delete all messages.
    watto_cobra
     1Like 0Dislikes 0Informatives
  • Reply 13 of 15
    I have an easy way to detect a scam text message. I ask myself this one question:

    Is it a text message? If yes, then it’s a scam. 

    Obvious exceptions for self-initiated 2FA and friends/family. But otherwise just assume all text messages are a scam and delete it. And even with some friends/family… I’m sure I’m not the only one with an extended family member of… questionable-integrity, lol. 
    williamlondonwatto_cobra
     1Like 1Dislike 0Informatives
  • Reply 14 of 15
    hodarhodar Posts: 373member
    With Apple Intelligence being “underwhelming”, detecting scams such as this and intercepting them, would be a nice first step 

    just saying ….  A nice follow up would be collating the sources and reporting them to the proper police authorities. 

    But that would be “thinking differently”… and that isn’t done anymore.  I guess it’s racist?
    Alex_Vwilliamlondonwatto_cobra
     1Like 2Dislikes 0Informatives
  • Reply 15 of 15
    shaminoshamino Posts: 547member
    garybau said:
    Sure they are Chinese criminal organisations..but they are based in the USofAmerica.
    the lowest cost servertime, the ability to buy thousands of phone numbers makes it all too easy.
    Just the cost of doing business in the USofamerica.
    What makes you think the scammers are actually buying all the phone numbers that show up as Caller ID information?

    Caller ID is trivially easy to forge.  VoIP and PBX systems all include the ability to configure any Caller ID number you want, and for perfectly legitimate reasons.  But it means there is almost nothing restricting the call-originator from supplying numbers that aren't in service or that belong to innocent third parties.

    The fact that you're asked to reply "Y" to activate the link doesn't mean your reply is going back to the scammer.  It is employing a feature of iOS, where URLs are blocked for messages to which you've replied - assuming that you wouldn't reply to a scam.  iOS doesn't care if anybody receives that "Y" response, it only cares that you sent something.  And afterward, when you view the message, the URL will be clickable.  Not because anything was "activated" but because you replied to the message.

    I can almost guarantee you that the only part of that message owned by the scammer is the URL in the message's body.  Everything else is completely bogus.
    watto_cobra
     1Like 0Dislikes 0Informatives
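
The red flags raised in the replies above (a link host that is not the agency's real domain, a request to reply "Y" so the link becomes clickable, a sender country code that is not your own) can be checked mechanically. The following is an added example, not part of the article or of any commenter's post; the allowlist contents, the function names and the sample messages are assumptions made for illustration, and the host names reuse the placeholders from Reply 9.

```python
import re

# Assumption: domains you have verified yourself with your toll agency.
# "ezpassva.com" is the legitimate example named in the thread.
TRUSTED_DOMAINS = {"ezpassva.com"}
# Brand names the article and comments mention, used to spot lookalike hosts.
BRAND_TOKENS = ("ezpass", "sunpass", "fastrak")

URL_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:/\S*)?", re.I)
# "Reply Y" as a standalone letter, so "reply today" does not match.
REPLY_RE = re.compile(r"\breply\b[^.\n]{0,20}?\bY\b", re.I)


def host_is_trusted(host):
    """True only if host is a trusted domain or a subdomain of one."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in TRUSTED_DOMAINS)


def red_flags(sender, body, home_cc="+1"):
    """Return the list of red flags found in one text message."""
    flags = []
    for match in URL_RE.finditer(body):
        host = match.group(1).lower()
        if host_is_trusted(host):
            continue
        flags.append("untrusted-host:" + host)
        if any(tok in host.replace("-", "") for tok in BRAND_TOKENS):
            flags.append("brand-lookalike:" + host)
    if REPLY_RE.search(body):
        flags.append("asks-for-reply-to-enable-link")
    if sender.startswith("+") and not sender.startswith(home_cc):
        flags.append("foreign-sender")
    return flags


# Constructed sample messages (not real scam texts or real phone numbers).
SAMPLES = [
    ("+630000000000", 'EZPass: unpaid toll of $4.15. Reply "Y", then reopen '
     "this message to open the link: https://ezpass-com.foo.bar/pay"),
    ("+10000000000", "Your statement is ready: https://www.ezpassva.com/foo"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(sender, red_flags(sender, body) or "no flags")
```

The host comparison is an exact or dot-anchored suffix match rather than a substring search, so a host that merely starts with or contains a trusted name is still reported as untrusted.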