Researchers find dozens of fake E-ZPass toll websites after FBI warning

Summary: Cybersecurity researchers have discovered almost 30 phishing websites that are impersonating the electronic toll collection service E-ZPass, following an FBI warning about smishing attacks targeting road toll collection services.

Threat Actor: Unknown threat actor
Victim: E-ZPass customers and users of road toll collection services

Key Points:

  • Cybersecurity researchers have identified nearly 30 newly created domains related to tolls, 15 of which are likely to be used for phishing, malware, or spam.
  • The scam involves sending fake text messages to victims, claiming they have an outstanding balance on their toll account and directing them to a hacker-controlled website to settle the balance.
  • The phishing websites primarily target E-ZPass customers traveling on the New Jersey Turnpike, as well as users of Florida’s SunPass.
  • The campaign started in early to mid-February, with the threat actors initially representing themselves as a toll collection authority for the State of New York.
  • The websites used in the campaign lack data quality controls and checks to ensure legitimate user input, indicating a relatively unsophisticated campaign.
  • Smishing campaigns like this have become more popular among cybercriminals as websites increasingly require SMS verification.

Cybersecurity researchers have found almost 30 phishing websites spoofing the electronic toll collection service E-ZPass following an FBI warning last week.

The FBI said in an alert that since early March the Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts impersonating road toll collection services from at least three states. 

Smishing is a social engineering attack using fake text messages to trick people into downloading malware, sharing sensitive information, or sending money. The complaints seen by the FBI indicate “the scam may be moving from state-to-state,” they said. 

The messages use a state toll service name and say the victim has an outstanding balance on their account. To avoid a late fee, the texts say victims need to visit a website to settle the balance. The sites are hacker-controlled.

The FBI notice does not say which states are being targeted, but Pennsylvania has repeatedly warned its residents of the scams and urged victims to contact the FBI if they clicked on the link erroneously. 

The texts are largely the same for victims in each state aside from the links they ask people to click on, all of which are designed to “impersonate the state’s toll service name,” according to the FBI. The FBI added that the phone numbers appear to change between states.

Researchers from cybersecurity firm DomainTools told Recorded Future News that they have found nearly 30 newly created domains related to tolls, 15 of which have a “high chance of being weaponized for phishing, malware, or spam.” 

None of them have been blocklisted yet, according to DomainTools, which suggests that toll scams will continue on and may accelerate. 

The company’s researchers said many of the scam sites appear to target E-ZPass customers traveling on the New Jersey Turnpike as well as Florida’s SunPass. 

“The domains identified during our investigation indicate the campaign likely started in early to mid February with the threat actors representing themselves as a toll collection authority for the State of New York,” said Austin Northcutt, solutions engineer at DomainTools. 

“The campaign picked up its cadence in mid-March when it began using New Jersey Turnpike-themed domains and then expanding to other states. As for the website being used to conduct the campaign, the threat actor appears to be using a browser filter and phishing page that only loads for mobile browsers.”

Northcutt noted that there is evidence that this is a “relatively low sophisticated campaign” because the websites do not have data quality controls or checks to ensure the user input is legitimate.

DomainTools shared screenshots showing that all the sites are directing victims to make payment or collect information that would facilitate a future payment. Many of the websites also only allow mobile traffic, they added. 

Smishing campaigns have grown in popularity among cybercriminals as websites increasingly require SMS verification.

New York City recently had to close off a website for city workers following a smishing campaign that spoofed the platform and attempted to steal login information. 


Source: https://therecord.media/researchers-find-dozens-of-ezpass-spoofs

