You’re loading the car for a long weekend on the road when your phone buzzes: a short, official-looking text about a $4.15 unpaid toll, with a link to pay before late fees pile up. It feels routine. It is not. That message is a scam, and it is flooding phones across the country right now, timed to hit when holiday traffic puts tens of millions of drivers on toll roads.
Here is the single fact that makes every version of this text easy to spot: no legitimate toll agency in the United States sends payment links by text message. The Federal Trade Commission and the FBI’s Internet Crime Complaint Center (IC3) have both published advisories saying exactly that. In its April 2024 public service announcement, the IC3 reported logging more than 2,000 complaints about toll-themed smishing texts. That figure is the last publicly reported total; federal officials have said the actual volume is likely far higher now, with sharp climbs since that advisory and predictable spikes around holiday weekends when road travel surges.
How the toll text scam works
The playbook barely changes from one state to the next. A text arrives that appears to come from a familiar tolling brand. It warns of a small outstanding balance and pushes the recipient to tap a link before penalties kick in. That link opens a convincing but entirely fake payment page designed to harvest credit card numbers, billing addresses, and sometimes driver’s license information.
Scammers customize the branding to match whatever toll system operates locally. In New York, the texts mimic E-ZPass notices so closely that Governor Kathy Hochul’s office issued a specific warning in January 2024, later reiterated in 2025, noting that many of the messages arrive from foreign phone numbers and direct drivers to websites with no connection to the state’s actual payment portal. Similar impersonations target SunPass users in Florida, FasTrak users in California, and other regional systems across the country.
The dollar amounts stay low on purpose. A charge of $3.50 or $6.99 feels too small to question and too routine to remember, especially for drivers who pass through electronic toll lanes regularly. The urgency language does the rest: threats of late fees, collections referrals, or license suspension are engineered to override the moment of skepticism that might otherwise stop someone from clicking.
One important detail many people miss: you do not need to have a toll account to receive these texts. Scammers blast them to massive lists of random phone numbers. If you have never driven on a toll road in your life and still get one of these messages, that alone tells you it is fake.
Once a victim enters payment details, the damage can escalate fast. Some fake sites also prompt for a one-time passcode sent by the victim’s bank, which lets criminals bypass two-factor authentication and attempt charges in real time. Even if the card is declined, the harvested personal data can be bundled and resold for future identity theft.
What federal agencies say, and what they advise
The FTC’s consumer alert is blunt: texts about unpaid tolls are almost always scams. The agency tells consumers not to click links in unsolicited messages, not to reply, and instead to verify any supposed balance by logging into their toll account through a saved bookmark, an official app, or a phone number printed on a billing statement or transponder packaging. Real toll agencies do not suddenly demand payment through a text message without prior notice through their established channels.
The FTC’s broader fraud data reinforces why this particular scam works so well. In its 2023 and 2024 reporting on text-based fraud, the agency found that impersonation of banks and financial services is the most frequently reported category of smishing. The toll variant borrows the same formula: manufacture a small, believable problem, inject urgency, and funnel the target to a look-alike site. It succeeds because people expect important alerts to arrive on their phones and often act on them reflexively, especially while distracted by travel.
Both the FTC and the FBI encourage anyone who receives a suspicious toll text to forward it to 7726, the universal “SPAM” shortcode recognized by all major U.S. wireless carriers. Carriers analyze those submissions to identify sender accounts, domains, and message patterns, then use that intelligence to block similar texts before they reach more phones. Anyone who has already clicked a link or shared financial information should take these steps immediately:
- Contact your bank or card issuer to freeze or replace the compromised card.
- Change passwords on any accounts that share the same credentials.
- Place a fraud alert or credit freeze through one of the three major credit bureaus (Equifax, Experian, or TransUnion).
- File a report at ReportFraud.ftc.gov, which feeds into federal law enforcement databases.
Why the scam is so hard to stamp out
Several factors make these campaigns stubbornly difficult to disrupt. Many of the texts originate overseas and are routed through online messaging platforms that obscure the true sender, complicating both identification and prosecution. No public enforcement data has tied specific arrests or takedowns to toll-themed smishing campaigns, and investigators have not said publicly whether the scam is run by a few coordinated groups or a loose network of copycats reusing the same template kits.
The fragmented structure of U.S. tolling adds another layer of confusion. Dozens of agencies operate independently across the country, and there is no single national authority that can issue a unified “we never text payment links” statement. Some individual operators have published their own warnings, but drivers who travel across state lines may not know which agency to contact, or even which system charged them, when a suspicious text arrives. That patchwork is exactly what scammers exploit.
Technology has also tilted the odds in the scammers’ favor. As more phones default to rich messaging formats like iMessage and RCS, phishing links can render as tappable buttons or previews that look more polished and trustworthy than a raw URL in a plain SMS ever did. The visual upgrade makes it harder for recipients to spot something off about the link before they tap it.
One rule covers every version of this scam
Until enforcement catches up, the most effective protection is also the most straightforward: if a toll text shows up on your phone, do not tap the link. Open your toll account directly through a browser bookmark, the official app, or by calling the number on your last statement. If no balance appears there, the text is fake. If you do not have a toll account at all, the text is fake. Delete it, forward it to 7726, and get back to your weekend.
Treating every unsolicited toll text as a scam until proven otherwise is not overcautious. It is the explicit recommendation of every federal agency that has weighed in on the subject.
David M. Keller is a finance writer based in Columbus, Ohio, covering personal finance and consumer-focused economic topics. He earned his degree in journalism from Ohio University and began his career reporting on local business and economic trends for a regional media outlet. Since then, he has contributed to a variety of online publications, focusing on clear, practical coverage of topics such as cost of living, debt, and everyday financial decision-making.
