If you owe money for tolls, you’re unlikely to get a text about it. But scam text messages are hitting cellphones across the nation telling customers to pay up.
Don’t click the link. Don’t copy the link into a browser. This type of scam, known as “smishing,” could lead to malware on your phone or sharing sensitive information or money with hackers.
Here’s what’s happening.
The scam texts try to impersonate the toll service in your state – for example, if you live in California, the text will likely say it’s from FastTrak. If you live in New York, or one of the 19 other states that use E-Z Pass, it will probably claim to be from them. However, it also seems a popular tactic for scammers is simply to send the texts out en mass and hope something sticks, meaning you may get a text claiming to be from a toll company in a state you’ve never visited.
RiverLink, the official tolling agency in Kentucky and Southern Indiana, has been warning customers about the fraudulent texts.
One Louisville Reddit user shared what their scam text looked like and it read: “Kentucky Toll Road: This is a reminder regarding the unpaid toll from your journey. A overfee will be applied if it is not settled,” then includes a link that is not the RiverLink website.
Sometimes there are typos, like “overfee,” which is not a real word and the text says it is from “Kentucky Toll Road,” instead of RiverLink, which is the official tolling agency in Kentucky and Southern Indiana.
The only way to check if you have an unpaid toll is by checking your account directly at RiverLink.com or by calling their customer service team at 1-855-RIV-LINK.
If you receive a toll agency text message demanding money, the FBI and FTC suggest to do the following:
While the texts vary in style and copy, they tend to share some popular link styles, such as shortened Bitly links that prevent the receiver from seeing the full URL text, or links made to look similar to the real thing, such as having “E-Z pass” in the URL text.
McAfee, one of the most well-known anti-scam and anti-virus software companies nationwide, compiled a list of some of the most popular link style spotted in these texts:
Remember, this list is not exhaustive but is rather a snapshot of some common URL types and formats found in these messages.
Phishing is pronounced like the word “fishing” and is defined by Microsoft as “an attack that attempts to steal your money, or your identity, by getting you to reveal personal information — such as credit card numbers, bank information, or passwords — on websites that pretend to be legitimate.”
Phishing is typically done either via phone call or email.
Smishing is essentially SMS phishing, where the method of trying to steal information is through text message.

source