Morning Overview

That “unpaid toll” text is a scam, and 10,000 fake sites are behind the flood

Millions of Americans who drive through electronic toll plazas are landing in the crosshairs of a fast-growing text message fraud operation. Federal agencies have documented more than 2,000 complaints since early March 2024 describing nearly identical messages that claim the recipient owes a small unpaid toll balance and must pay immediately through a provided link. The messages are not from any toll authority. They route victims to spoofed payment pages designed to steal credit card numbers and personal data, and the financial damage from text-based scams like these reached $470 million in reported losses during 2024.

Why the toll-text wave hit so hard starting in March 2024

The FBI’s Internet Crime Complaint Center logged more than 2,000 smishing complaints tied to fake toll-payment messages beginning in early March 2024. According to the agency’s public service announcement, which details the pattern of these unpaid toll texts, the reports came from at least three states and described the same playbook: an unsolicited message containing a link to a page built to look like a legitimate toll-agency portal. Once a recipient entered payment details, the operators behind the page captured card numbers, billing addresses, and in some cases driver’s license information.

The FBI’s Atlanta field office issued a separate warning after reports surged specifically around Georgia’s Peach Pass system. In that advisory, which focuses on Peach Pass smishing, agents said complaints jumped dramatically starting March 1, 2024, with message wording so consistent across recipients that investigators concluded the texts were generated by an organized operation rather than individual scammers working independently.

One hypothesis for the timing is that scammers gained access to toll-transponder records or vehicle registration data released publicly in multiple states, allowing them to target verified vehicle owners rather than sending messages at random. No federal agency has confirmed that specific mechanism, but the geographic clustering across at least three states and the precision of the lure language point to operators working from structured data rather than blind mass texting. The sheer volume of spoofed sites referenced in security research, sometimes described in the thousands, suggests significant infrastructure investment by the groups behind the campaign.

Federal evidence tying fake toll texts to a broader fraud pattern

The Federal Trade Commission has placed bogus unpaid toll notices among the most prominent categories of text scams affecting consumers. In an April 2025 data spotlight, the FTC reported that Americans lost $470 million to text scams in 2024, a figure that covers all SMS-based fraud but explicitly includes the toll-payment variant as a leading type. That dollar total reflects only what victims reported; actual losses are almost certainly higher because many people never file complaints.

The scam works because the messages create false urgency. A typical text warns that a small balance, often under $10, will trigger late fees or license suspension if not paid within 24 hours. The low dollar amount makes the request seem plausible, and the tight deadline discourages recipients from pausing to verify. Clicking the link leads to a page that mimics a state toll authority’s branding, complete with logos and form fields that mirror real payment portals. The FTC’s consumer alert on toll-related scams advises anyone who receives such a message to avoid clicking and instead contact their toll agency directly through a known, verified website or phone number.

What distinguishes this campaign from garden-variety phishing is its scale and coordination. The IC3 alert, the FBI Atlanta warning, and the FTC guidance all describe the same attack pattern surfacing across state lines within the same narrow window. That consistency suggests a centralized toolkit, likely a phishing kit sold or shared among fraud networks, that can be quickly customized with different state toll-agency branding. Security researchers outside the federal government have identified large numbers of domains registered to support these campaigns, though no official agency has published a verified count of the spoofed sites.

Gaps in the evidence and what drivers should do now

Several questions remain open. No federal source has published a verified tally of the fake domains powering the operation, so the scale of the infrastructure behind the texts is still estimated rather than confirmed. The IC3 and FBI reports identify at least three affected states but do not name all of them or break down which toll systems have been impersonated most often. The FTC’s $470 million loss figure covers all text scams, and no public data isolates how much of that total comes specifically from toll-related fraud. Hosting providers and domain registrars involved in standing up the spoofed sites have not been publicly identified by any federal agency, leaving the supply chain behind the operation largely invisible to the public.

The absence of granular data also means it is not yet clear whether the March 2024 spike was a one-time burst or the start of a sustained campaign that continues to generate new domains and messages. Complaints have been filed through the IC3 and the FTC’s fraud reporting portal, but neither agency has released updated totals since their initial advisories. Without more detailed public reporting, drivers and toll agencies are left to infer trends from anecdotal spikes in messages and local warnings.

For anyone who receives a text claiming an unpaid toll balance, the safest first step is straightforward: do not tap the link. Instead, go directly to the official website of the relevant toll authority by typing its address into your browser or using a bookmarked link, or call the customer service number printed on a toll bill or posted on roadside signage. If you have a transponder account, log in through the app or site you normally use and check your balance there. If the message was legitimate, you will see the same notice inside your account; if nothing appears, you can safely assume the text was a scam.

Consumers can also reduce their exposure by adjusting how they handle unexpected communications. Treat any unsolicited text demanding immediate payment as suspicious, especially when it comes from a generic phone number or short code rather than a contact you recognize. Avoid replying, even with words like “STOP,” because responses can signal to scammers that your number is active. Deleting the message after you have reported it helps prevent accidental clicks later, especially on shared devices.

When a suspicious text arrives, federal agencies encourage victims to take a few minutes to report it. Forwarding the message to 7726 (the spam-reporting number used by many mobile carriers) can help block future texts from the same source. Filing a complaint with the FBI’s Internet Crime Complaint Center or the FTC’s fraud portal adds your experience to the data that investigators rely on to track patterns and prioritize enforcement. While an individual report may not lead to an immediate case, large clusters of similar submissions can help authorities identify new domains, hosting providers, or messaging services being abused at scale.

Toll agencies themselves are beginning to respond with more prominent warnings on their homepages and billing statements, reminding drivers that they do not initiate collection efforts by text and that legitimate notices will direct customers only to official websites or phone numbers. Until more details emerge about who is running the campaigns and how they obtained their targeting lists, the most effective defense remains at the individual level: slowing down, verifying independently, and refusing to pay a supposed toll debt through a link that arrived out of the blue.

More from Morning Overview

*This article was researched with the help of AI, with human editors creating the final content.