When you purchase through links on our site, we may earn an affiliate commission.Heres how it works.

A widespread SMS scam is targeting thousands of smartphone users in the US.

Fraudsters are sending bogus texts demanding payment for unpaid road tolls.

A person holding a phone looking at a scam text with warning signs around

An example of the kind of texts used in this widespread SMS scam

Reports of thesmishing scamfirst surfaced last year.

Since then, the scale of the scheme appears to have grown.

Each SMS claims to be from a legitimate toll service and states that there is an unpaid fee.

A hand holding a phone showing an example of an SMS scam text about poll charges

An example of the kind of texts used in this widespread SMS scam

A URL is then provided, which directs uses to a bogus payment page.

This page is designed to look convincingly like a legitimate toll service payment website.

It will often feature a logo, business name and street address.

Phone scammer

It will also state the supposed time and date of the unpaid fee.

A threat actor leveraging the same naming pattern has registered 10K+ domains for various #smishing scams.

They pose as toll services for US states and package delivery services.

Root domain names start with “com-” as a way to trick victims.

Sometimes it will also request sensitive personal information, such as your driving license number.

If you submit this information, youre actually giving it to the fraudsters, exposing yourself to identity theft.

Reports also suggest that there are variations of the scam.

One screenshot weve seen claims to be from the City of New York.

For some recipients, this could make the message more believable than a generic alert.

Recent intelligence from Palo Alto Networks Unit 42 reports that scammers have registered more than 10,000 domain names.

Each of these is designed to be ambiguous enough that a casual glance might not reveal the deceit.

If you receive an unexpected SMS about unpaid toll fees, theres a good chance its a scam.

Pause before you act on any information in the message and dont choose any links.

Pay attention to details in the message.

Scam texts will often feature grammatical errors or formatting inconsistencies, such as the placement of punctation.

A closer look at the URL will often reveal that its illegitimate, too.

If in doubt, communicate with the genuine toll service in question.

Never smack the link in the SMS.

you’ve got the option to do this on theIC3 website.