A widespread SMS phishing campaign has been targeting toll road users across eight U.S. states since October 2024, according to cybersecurity researchers at Cisco Talos. The fraudulent operation aims to steal financial information by impersonating legitimate electronic toll collection systems like E-ZPass.
The sophisticated scam spans Washington, Florida, Pennsylvania, Virginia, Texas, Ohio, Illinois, and Kansas. Victims receive text messages claiming they have unpaid toll fees, along with fraudulent payment links.
The operation stems from a Chinese SMS phishing service called Lighthouse, which sells specialized "smishing kits" developed by an individual known as Wang Duo Yu. These kits, priced between $20 and $50, enable criminals to launch large-scale phishing attacks.
When targets click the scam links, they encounter a fake CAPTCHA challenge before being redirected to counterfeit E-ZPass payment pages. The fraudulent sites harvest personal data and financial details entered by unsuspecting users.
Multiple cybercrime groups are deploying these kits, including an organization called the Smishing Triad. This group has previously targeted postal services in over 120 countries using similar tactics.
The scammers have employed advanced techniques like "Ghost Tap" to add stolen card details to mobile wallets for easier cash-outs. The phishing kits also contain hidden backdoors that send captured data back to their creators, a practice known as "double theft."
Researchers note that blocking these attacks has proven challenging, as the criminal operation has utilized more than 60,000 domain names. The scammers leverage underground bulk SMS services to target millions of users simultaneously across different regions.
As of March 2025, the group has reportedly shifted focus to a new phishing campaign targeting banks and financial institutions in Australia and the Asia-Pacific region.
Law enforcement and cybersecurity experts advise toll road users to be extremely cautious of unexpected text messages about unpaid fees and to verify any payment requests through official channels.