Drivers across the United States are receiving text messages that claim they owe a few dollars in unpaid tolls, and federal agencies say the real cost of responding is far higher than the amount demanded. The FBI’s Internet Crime Complaint Center has logged over 2,000 complaints about these fraudulent texts since early March 2024, with the messages impersonating toll services like E-ZPass and ExpressToll to harvest credit-card numbers. The campaign has drawn warnings from the Federal Trade Commission, at least two state governments, and the Associated Press, yet no arrests or attribution to a specific criminal group have been announced.
Low-dollar toll texts and the card-testing logic behind them
The scam works because the ask is small. Each text claims the recipient owes a minor toll balance and provides a link to pay it. That link leads to a page designed to collect bank or credit-card details, and in some cases a driver’s license number, according to the FTC alert. By keeping the supposed debt trivial, the senders lower the psychological barrier to compliance. A driver who might question a $200 charge is far less likely to hesitate over what looks like a $6.99 balance.
That pattern aligns with a well-known fraud tactic called card testing. Criminals validate stolen card numbers with tiny charges before attempting larger purchases. The low-dollar toll demand serves a dual purpose: it tricks victims into handing over fresh card data and simultaneously trains them to treat the fraudulent sender as a legitimate billing entity. Colorado’s Department of Transportation flagged another telling detail. Some of the texts arrived from numbers using the +63 country code, which corresponds to the Philippines, suggesting the operation has an overseas component. CDOT and the Colorado Transportation Investment Office stated plainly that they do not text for payments, emphasizing that any message asking for toll money by SMS should be treated as suspicious.
Federal and state agencies confirm the same playbook
The FBI’s public service announcement describes a consistent method: victims receive a text with a small outstanding toll amount, a link that impersonates a legitimate toll service, and a phone number that changes between messages. The rotating numbers make it harder for carriers to block the campaign at scale and complicate any effort to trace the senders through standard telecom records. The IC3 notice also urges anyone who receives the texts to file a complaint and avoid clicking the embedded link, even if they believe they may actually owe a toll.
State-level responses echo the federal findings. New York Governor Kathy Hochul issued a consumer alert warning residents about E-ZPass text scams, and Colorado’s transportation office published an example of the fraudulent message so drivers could recognize it. The FTC’s guidance adds that clicking the link can expose personal data well beyond payment information, including details that could support full identity theft. Officials stress that legitimate toll agencies typically use mailed invoices, online accounts, or dedicated apps to communicate, not unsolicited texts that demand immediate payment.
None of these agencies, however, have released internal investigation logs, arrest records, or telecom trace data that would pin the campaign on a specific criminal organization. Public statements so far focus on consumer protection rather than attribution, leaving open questions about how the operation is funded, whether it is tied to a known cybercrime group, and how the stolen data is ultimately monetized.
Gaps in attribution and what drivers should do now
The public record so far establishes the scale and mechanics of the scam but leaves significant questions open. The IC3’s complaint count of over 2,000 reflects reports filed voluntarily, which typically represent a fraction of actual incidents. No federal agency has published estimates of total financial losses, and officials have not said whether the same group is behind every wave of toll-themed texts nationwide or if multiple crews are copying a successful script.
For individual drivers, those uncertainties matter less than the immediate steps they can take to stay safe. Security officials advise treating any text about unpaid tolls as untrusted by default. Instead of tapping the link, drivers should navigate directly to the toll authority’s official website by typing the address into a browser or using a saved bookmark. If they use a transponder system like E-ZPass, they can log in through the normal portal to check for outstanding balances. Calling the phone number printed on a toll bill or listed on an official government site is another way to verify whether a payment is actually due.
Experts also recommend basic hygiene for mobile devices and financial accounts. Keeping phones updated can reduce the risk that a malicious link exploits software flaws. Enabling alerts from banks and credit-card issuers can help catch small, unexpected charges that might indicate card testing. If someone does click a suspicious toll link and enters information, they should contact their bank immediately, request a new card, and monitor statements closely for unauthorized transactions.
Finally, reporting remains a crucial piece of the response. Victims and near-misses alike can file complaints through the IC3 website and with state consumer protection offices. Those reports help investigators map how the scam is spreading, which brands are being impersonated, and which phone numbers or domains are in active use. Even without a clear culprit identified, the accumulating data can support takedown efforts, inform carrier-level blocking, and shape future warnings so fewer drivers are caught off guard by a text demanding a few dollars that could cost them far more.



