Reports to the Federal Trade Commission’s Consumer Sentinel Network shows losses to text scams have skyrocketed even as the number of reports declined. In 2024, people reported $470 million in losses to these scams, more than five times the 2020 number. 

One of the biggest text scams today? Fake toll alerts. 

In this post, we will dive into: 

• What Are Toll Scam Texts and Why Are They Rising?

• How Brand Impersonation Enables These Attacks

• What Happens When Toll Agencies Don’t Act

• How Toll Authorities Can Prevent Scam Attacks

• How Brand Protection Software Helps Toll Agencies

What Are Toll Scam Texts and Why Are They Rising?

Toll text scams target drivers with fraudulent messages urging them to click a malicious link to pay an unpaid balance — and they are hitting more consumers every day. In 2024, the FBI’s Internet Crime Complaint Center received more than 60,000 complaints reporting an unpaid toll scam. 

And, we expect the number of toll scams is much higher in 2025. In just the state of Utah, the spike in the number of URLs that Netcraft detected related to DMV and toll scam activity has grown by more than 200% in the past 2 weeks. 

Why are they so prevalent? These text scams utilize smishing, a social engineering attack that uses fake text messages to trick people into downloading malware, sharing sensitive information or sending money to hackers. The term is a combination of "phishing,” which is an umbrella term for social engineering attacks, and “SMS” or "short message service,” which refers to text messages received on a mobile device.  

Smishing is a relatively cheap method that cybercriminals can use to carry out attacks. Sending mass texts can be very inexpensive, with some per-message rates as low as $0.01 per SMS for large volumes. And, bad actors need very little infrastructure to launch a smishing campaign and can easily acquire lists of phone numbers to target for a low cost. 

Toll text scams are a popular choice for fraudsters because they take advantage of the inherent trust that consumers have for government entities and legitimate agencies that many consumers are used to interacting with. In addition, cash-free toll lanes have popped up in more places across the United States, making it easier for bad actors to pretend that you have an unpaid toll. This makes them a perfect target for brand impersonation. 

How Brand Impersonation Enables These Attacks

From FasTrak to TxDot to E-ZPass to SunPass, cybercriminals have a plethora of toll agencies that they can impersonate to trick drivers into sharing their personal and financial information through smishing attacks.

Tools to detect these phishing-style impersonation attacks or smishing attacks typically look at a few key elements: 

• Spoofed Domains and URLs: Bad actors will register look-alike toll websites that they will trick consumers into visiting to pay a bogus charge.

• Stolen Branding: The core mainstay of brand impersonation is copying a brand’s identity, such as logos, trademarks, and messaging, to make their fraudulent sites look like real agency sites.

• Spoofed SMS IDs: Fraudsters will spoof messages to make them appear to be from the actual toll provider. Spoofing is when a caller deliberately falsifies the information transmitted to your caller ID display to disguise their identity. 

What Happens When Toll Agencies Don’t Act

When toll agencies don’t act quickly to stop these text scams, they can not only damage reputation, but overload support channels and lead to increased legal or media pressure as people scrutinize a toll agency’s failure to act. 

The reality is that governments manage massive amounts of sensitive data to deliver effective services for their citizens — with notoriously limited security budgets, making them an attractive target for cybercriminals. 

• Reputational Fallout: Citizens may stop trusting toll alerts or digital tolling platforms. Over time, toll agencies lose credibility and trust, which can lead to an increase in customer calls and complaints.
  
  
  

• Support Overload: Toll agencies may be flooded with incoming calls, emails, and website inquiries from concerned customers who have received the scam texts.
  
  
  

• Legal or Media Pressure: Inaction by toll agencies could lead to policy scrutiny or investigations. While the toll agency isn’t liable for a data breach since scammers have exploited customer habits and trust to trick consumers into sharing personal information, the agency may face legal implications related to how effectively they educate and warn customers about these scams. 

To combat ongoing and growing toll text scams, toll agencies need to invest in solutions tailored for public-sector threat environments. 

How Toll Authorities Can Prevent Scam Attacks

The best way that toll authorities can prevent toll scams from targeting their organizations is to be proactive. An effective brand protection and monitoring strategy will: 

• Monitor Spoof Domains: Brand protection platforms can flag suspicious domain registrations that are trying to impersonate a legitimate toll agency. And, the best platforms will immediately take action to remove the fraudulent site. This includes working with domain registrars, hosting providers, and search engines to take down the site, and contacting relevant authorities when necessary.

• Collaborate with Carriers: Telecom providers should be a key partner in combating smishing attempts. Toll agencies should submit scam numbers to these telecom providers for takedown as soon as they are detected. Faster takedowns will reduce risk to the agency and protect more consumers from harm. 

• Public Education: Educating consumers on what to look for is critical. Proactive education should focus on: 

  • Ensuring consumers are aware of how toll agencies will primarily communicate. For instance, many toll authorities don’t use text messages. Simply knowing this can save many consumers from falling prey to fraudulent messages. 

  • Educating consumers on common scam tactics and red flags, such as spelling errors, grammatical mistakes, unusual sender addresses, and requests for personal information in unsolicited messages. 

  • Advising customers to be cautious of unsolicited messages, especially those requesting immediate action or containing suspicious links. 

  • Encouraging consumers to report scams to the authorities so that they can take action to stop them. 

How Brand Protection Software Helps Toll Agencies

Brand protection solutions like Netcraft can help government entities and agencies safeguard their organizations and consumers from phishing and smishing attempts by providing: 

• Real-Time Threat Detection: Brand protection tools, powered by AI and human expertise, can operate 24/7 to detect fraud, impersonation, and online brand abuse when it happens. Real-time alerts tell agencies when an impersonation attempt occurs so that they can take immediate action to disrupt and takedown attacks. 

• Domain and SMS Monitoring: Ongoing monitoring and tailored dashboards can detect things like fraudulent short links, fake payment portals, and sender spoofing.
  
  
  

• Automated Remediation: Most importantly, brand protection software can automatically initiate domain takedowns to minimize the impact to the organization and its consumers. In addition, the software can generate compliance-ready reports, making sharing critical incident data and events simple.
  
  
  

FAQ About Toll Scams and Brand Impersonation

Are toll scams more of a cybersecurity issue or a PR issue?
It’s both. Technical detection is essential, but public communications protect agency trust.

Can brand protection tools monitor SMS scams?
Yes. These tools detect phishing-style URLs in texts and trace back scam domains.

What should we do if someone impersonates our toll agency?
Document the impersonation, notify law enforcement, and engage a platform like Netcraft for monitoring and takedown.