During the onset of the Covid-19 pandemic, road authorities around the world accelerated toward a destination they had been nearing for years: cashless tolls.
From New York City's George Washington Bridge to Oklahoma's Chickasaw Turnpike to California's Bay Area bridges, some of the most vital highways in the United States have, over the past 18 months, demolished staffed tollbooths and replaced them with cameras that can snap images of a license plate in a millisecond and bill by mail. In the U.S. more than 55% of toll roads are now cashless.
When you travel—either in a rental car or on a road trip from home—you may not be familiar with the billing mechanism of the toll road you're traveling on.
And as they often do, scammers are seizing on the new confusion by sending fake billing texts to smartphones. The fraudulent messages usually include a link to a fake invoice that, if clicked, might install malware without permission.
We've redacted the URL, but in the original text, the link was live—and people who click it are delivered to a website that has been deemed dangerous by software security manufacturer Norton.
As far as can be determined, the text message was not from CityLink or any other road authority. Scammers don't necessarily have access to your recent locations; they just know there's an increasing likelihood that the average person has recently driven on a cashless toll road. And drivers, not knowing what an official communication from the toll collectors looks like, are clicking and exposing themselves to fraud.
It's a terrible situation for drivers, who are usually supplied with little or no information about how to safely ensure tolls are paid.
Despite the deterioration in clear communication over how to pay tolls, penalties for evading a lawful toll are increasing. In Georgia, for example, state authorities use a private collection agency to go after people who haven't paid. Republican politicians there have also advocated for suspending the registration of drivers whose payments don't go through.
It feels like a trap. As the punishments for toll-skipping get more severe, clear communication about payment expectation decreases. And private contractors benefit from the spoils.
Given the cloud of confusion over the new systems and the sometimes draconian enforcement of them, drivers are understandably nervous about potentially missing legitimate toll payments—and so they click the scammers' bait.
If you receive one of these texts, do not click the link.
Instead, go through these steps to see if you're truly being billed for a legit toll.
1) Look up the name of the official toll road authority that governed the road you were on. That might entail searching the web for the turnpike authority of the state you were in, or you could consult Wikipedia's list of toll roads and the entities responsible for operating them.
2) Once you have the name of the road authority or the name of the toll system, verify the charge directly. Phone the road operator, or enter its actual website URL (not the one in the text) directly in your browser without clicking that suspicious texted link. Once you get ahold of an official rep, ask whether you indeed have an outstanding toll invoice and deal with payment through other channels.
3) Check the safety of the texted link (optional). Some websites allow you to test suspicious URLs without actually visiting them yourself. Try Norton's Safe Web (https://safeweb.norton.com) or URLVoid (https://www.urlvoid.com). Whatever you do, don't enter the suspicious URL in the address bar of your own web browser. Let the verifiers do the testing for you by using the special fields on their websites.
When the redacted website from the text above was checked using the Norton Safe Web site, the result warned: "This is a known dangerous webpage. It is highly recommended that you do NOT visit this page."
The international stampede to convert tollbooths to all-electronic collection has, in many cases, put travelers at a disadvantage that makes unfamiliar roads tantamount to tourist traps. Drivers are rarely informed clearly about what a valid toll collection communication will look like, allowing scammers to prey on motorists' fear of losing driving privileges.
I've been railing against the poor implementation of cashless tolls for nearly a decade, but the urge to privatize public utilities has not been accompanied by a corresponding sensitivity for making sure the shifting payment rules are clearly expressed to short-term visitors.
In the bewildering haze of regulations surrounding the rampant rise of cashless toll roads, scammers have materialized to capitalize on the confusion. Don't give them the satisfaction.