Squashing Smishing in Tolling Has Poven to Be Difficult

The tolling text scams that arose this Spring in several U.S. markets have continued to be a persistent problem, with waves of fraudulent texts prevalent throughout the nation.

Millions of Americans fall victim to identity theft and scams like smishing and phishing each year in the U.S. in all business sectors. Criminals often use these scams to commit financial fraud by gaining access to personal information from unsuspecting victims. Security is a top priority for U.S. toll operators. The high-level of commitment to keeping toll customer information secure is evident in the combination of state-of-the-art technology and sophisticated operating practices designed to protect information security. Toll operators' vigilance in protecting systems, data, and customer information has been effective, with no known toll data or toll system security breaches. Despite high standards and strong protections, scams are damaging to the public trust and confidence in electronic toll collection systems.

The Naure of the Scam. The tolling text scams are clever and opportunistic. The fraudulent messages communicate low toll values owed, combined with the sense of urgency to avoid potentially high fees and risks of vehicle registration or license suspensions. The combination often tricks victims into providing details of their personal information. Targeted phone numbers appear to be chosen at random and not necessarily associated with toll accounts or use of toll roads. Scammers have been growing in their sophistication, including more authentic looking web sites and believable sounding URLs.

The Industry Response. FBI complaint filings and investigations have been active from the outset of the problem and are ongoing. Many state criminal investigative units are actively investigating these scams, with several states actively shutting down illegitimate sites as they are discovered. Toll operators have consulted with national vulnerability research teams to help disclose and patch software vulnerabilities, such as some in the popular Adobe Acrobat Reader software. These resources also help to identify, research, and document threats and threat actors. The toll agencies are also actively communicating to drivers, warning of these scams and communicating how drivers can protect themselves from becoming a victim. Alerts on agency and account management websites, social media posts, and proactive emails to customers are all helping to make the public aware of the scams. Pre-recorded messages have been added to many tolling call center lines informing customers of the scams. But since the messages are sent to the public at large, not just toll account holders or toll road users, local broadcast and news media have been active and highly effective in reporting to a broad cross section of local communities, increasing awareness and measures of protection.

What Drivers Should Know. Motorists must understand that toll agencies never seek immediate payment or urgent actions via text message. If there are questions about tolls due, drivers should always contact toll agency customer services independently and directly, and not rely on third-party text messages. Customers should be warned to never click on a link in text message and never offer personal or financial information through unsolicited messages. Drivers traveling new routes, especially during the summer driving season, are encouraged to familiarize themselves with the toll roads on their route before making the trip to avoid confusion. More information on scams and fraud are available at https://www.usa.gov/scams-and-fraud. Drivers can find complaints from others, including language that has been used, at the Better Business Bureau's Scam Tracker at BBB.org.

What Customers Should Do If They Think They Have Been Victimized. Mobile device owners who receive suspicious tolling text messages should delete them without clicking on the link. Anyone who may have clicked on a fraudulent link and provided any personally identifiable information should immediately contact their bank or credit card provider to secure their information and financial accounts. It is important for victims of SMS tolling text scams to file a complaint with the FBI's Internet Crime Complaint Center (IC3) and be sure to include the phone number from where the text originated and the website listed within the text. Individuals with questions about tolls incurred should check their account using the toll service's legitimate website or contact the toll agency's customer service phone number.

Not unlike road safety, digital safety and safeguards are a matter of common-sense actions and careful attention to protecting personal information. Be cautious, slow down, and question things before responding. The little things add up. So, whether you are driving on the road or managing your electronic payments, let's all Be Safe Together!