Fake Toll Violation Scams
Smishing texts claiming an unpaid toll fee is due, with a fake link that harvests card details.
Last reviewed: 1 June 2026
What this scam is
Fake toll violation scams — sometimes called toll smishing — involve criminals sending text messages that impersonate road toll authorities or electronic toll collection systems such as E-ZPass, SunPass, FasTrak, and similar services. The message states that you have an outstanding unpaid toll fee and that a fine or administrative charge is accruing. A link directs you to a fake payment portal where your card details are harvested.
These scams have become one of the most frequently reported smishing campaigns since 2023 and remained widespread through 2024 and 2025. They are successful partly because many drivers do use toll roads and could plausibly have an outstanding balance, and partly because the amounts cited — typically a few dollars or pounds — feel small enough that paying quickly without scrutiny seems reasonable. The payment itself may be small, but the harvested card details are used for much larger fraudulent transactions.
The scam does not require the sender to know whether you actually use toll roads in your area. Messages are sent in bulk to large numbers of phone numbers, and even a small proportion of recipients who happen to use a toll road — or who are uncertain — will click the link. Some messages are geo-targeted to appear relevant to specific regions or road networks.
Real toll authorities in every country are clear: they do not send payment links by text message, and no legitimate toll agency threatens fines via unsolicited SMS. Any text claiming an unpaid toll requires you to click a link and enter payment details should be treated as fraudulent.
How it works
You receive an SMS — often appearing to come from a shortcode or a number that mimics a toll service's format — stating that your vehicle has an outstanding toll fee. The message provides a plausible amount, such as a few dollars, and states that if it is not paid within a short window a larger fine will be added. A link is included to pay immediately.
The link leads to a convincing fake website styled to match a real toll payment portal, with the authority's logo, colour scheme, and form fields. You are asked to enter your vehicle's number plate or account number to 'look up the unpaid toll', and then your payment card details to settle it. Both the vehicle details and the card number are captured and used by the scammer.
In more sophisticated variants, the fake portal is designed to also capture your name, address, and phone number under the guise of 'billing address verification', providing a complete identity profile in addition to the card details.
Some variants arrive by email rather than SMS, using spoofed sender addresses that appear to come from the toll authority's domain. Others have appeared via iMessage or Android messaging apps with styling designed to look like official service notifications.
Why this scam works
The combination of a small, plausible debt and a sense of urgency — pay now or face a larger fine — is highly effective. The amount is small enough that checking it carefully can feel disproportionate, and the link looks like a standard payment portal rather than something suspicious.
Many drivers genuinely do use toll roads and may be uncertain whether all their transactions were processed correctly. This uncertainty is enough to prompt a proportion of recipients to click the link even when they are broadly aware of smishing as a threat category.
The use of well-known toll brand names — E-ZPass, SunPass, FasTrak, ULEZ — adds apparent legitimacy to messages targeting people in those specific service areas.
A typical pattern
A driver receives a text message claiming their E-ZPass account shows an unpaid toll of [small amount] and that a [larger amount] fine will be added if not paid within 12 hours. The link leads to a professional-looking site with the E-ZPass logo. They enter their car registration and card details. The small amount may or may not actually be charged, but over the following week larger unauthorised transactions appear on the card. The card details were harvested and sold or used directly.
Common red flags
- Text message claiming an unpaid toll fee with a link to pay
- Message arrives from an unrecognised number or shortcode, not through your toll account app
- Link domain does not exactly match the toll authority's official website
- Urgency framing stating a larger fine will be added within hours
- Payment portal requests card details for a small amount
- Form also asks for full name, address, and phone number beyond what a simple payment requires
- Message references a toll authority that does not serve your area
- No corresponding balance shown when you log in directly to your real toll account
- Message appears via bulk SMS with no personalisation beyond your number
- Toll authority name in the message is slightly misspelled or formatted differently from the real brand
Sanitized example messages
Illustrative, sanitized examples. Personal details are replaced with placeholders such as [phone number] and [fake link].
[Toll authority]: unpaid toll fee of [amount] on your account. Pay before [date] to avoid a [larger amount] fine: [fake link]
E-ZPass Notice: your account has an outstanding balance of [amount]. Settle now to avoid penalties: [fake link]
TOLL PAYMENT REQUIRED: [amount] due from [date]. Avoid late fees — pay here: [fake link]
Your [toll service] account shows an unpaid charge. Resolve within 12 hours to avoid suspension: [fake link]
Unpaid toll notice: vehicle [plate] has [amount] outstanding. Click to pay and avoid a [larger amount] fine: [fake link]
FINAL REMINDER: [Toll authority] — [amount] unpaid. This will be referred to collections if not settled today: [fake link]
Common variations
- E-ZPass smishing targeting drivers in US toll states
- SunPass, FasTrak, or regional toll brand variants for specific US states
- UK ULEZ, Dartford Crossing, or National Highways toll variants
- Email variant with a spoofed sender domain mimicking the toll authority
- iMessage variant styled as an official service notification
- Variant claiming the vehicle's toll transponder is expired or deregistered
How to verify before you act
If you believe you may have a genuine outstanding toll, log in to your account directly through the toll authority's official website or app — accessed by typing the official address into your browser, not by following a text link. Your genuine account balance will be visible there.
Alternatively, call the toll authority using the number on their official website. They can confirm whether your account has any outstanding charges. Real toll authorities do not send payment links by SMS. If the message you received contains a link to a domain that does not exactly match the toll authority's official website, it is fraudulent.
Never enter payment card details on a page reached by following a link in an unexpected text message. Even if the site looks convincing, the domain address in your browser bar is the most reliable indicator of whether you are on a real or fake site.
Payment methods used
- Payment card details harvested
- Small card charges as cover for data theft
Who is usually targeted
- Drivers who use toll roads
- General public (sent in bulk)
- Commuters in toll-heavy regions
- Anyone with a vehicle registration
What to do immediately
- Do not click the link in the message
- Log in to your genuine toll account directly through the official website or app to check your actual balance
- Call the toll authority on the number listed on their official website if you want to verify any outstanding charge
- Report the smishing message to your mobile provider (forward to 7726 in the US and UK) and to the fraud reporting service
- If you already entered card details, contact your bank immediately to cancel the card and monitor for fraud
- Delete the message after reporting it
- Report the fake website to the relevant toll authority so they can take action against it
How to prevent it
- Know that real toll authorities do not send payment links by text message
- Access your toll account only through the official website or app, never via a text link
- Check the domain in your browser address bar carefully before entering any card details
- Forward suspicious toll texts to 7726 (SPAM) in the US and UK, then delete
- Set up account alerts through your genuine toll app so you know when real charges are applied
- If a toll charge is unexpected, call the authority directly rather than using any link
- Share this pattern with family members who drive in toll areas — it is one of the most common smishing campaigns currently circulating
Evidence to preserve
- Screenshot of the SMS or message including the sender number or shortcode
- The URL of any fake website visited
- Screenshot of the fake payment portal if accessed
- Records of any card charges made or attempted
- Date and time of the message
- The full text of the message
Where to report it
- Action Fraud (UK) — UK national fraud & cybercrime reporting centre
- FTC ReportFraud (US) — US Federal Trade Commission fraud reports
- FBI IC3 (US) — US Internet Crime Complaint Center
- Scamwatch (Australia) — Australian competition & consumer reporting
- Your bank's fraud line — Use the number on the back of your card or in your banking app — never a number the caller gives you
Always verify reporting routes and emergency contacts on the official government or agency website for your country.
Frequently asked questions
Do toll authorities text me a link to pay?
No. Legitimate toll authorities do not send unsolicited payment links by SMS. Your genuine toll account is accessible only through the official website or app. Any text containing a payment link for an unpaid toll should be treated as a scam.
I use toll roads — could this be a real charge?
It is possible you have a genuine outstanding toll, but you should check by logging in to your actual toll account directly — not through the link in the text. Your real account balance will confirm whether any charge is outstanding.
I clicked the link but did not enter my card details. Am I at risk?
Clicking the link itself carries a small risk if the site contained malicious code, but the primary risk is entering payment details. If you did not enter card information, your financial exposure is limited. Consider running a security scan on your device if you are concerned.
I entered my card number. What should I do?
Contact your bank immediately to cancel the card and report that the details may have been compromised. Monitor your account for any unauthorised transactions over the following days. Report the incident to the fraud reporting service.
Why is the amount in the message so small?
A small, plausible amount — a few dollars or pounds — lowers your guard. It feels proportionate to a routine toll charge and not worth scrutinising closely. The goal is not the small payment itself but the card details you enter to make it, which are then used for much larger fraudulent transactions.
How do I forward a smishing text to report it?
In the US and UK, forward the text to 7726 (spells SPAM on a keypad), which is a reporting shortcode operated by mobile carriers to identify and block smishing numbers. Also report to the FTC (US) or Action Fraud (UK) and to the toll authority being impersonated.
Are these texts sent to people in specific areas?
Some campaigns are geo-targeted to areas with active toll roads, using regional brand names to increase plausibility. Others are sent broadly to large numbers, relying on the statistical likelihood that a proportion of any large group uses toll roads. Either way, receiving the message does not mean the scammer knows your vehicle or driving habits.
What is the safest way to manage toll payments?
Register your vehicle through the official toll authority website or service centre, use the official app to monitor your balance and top up, and set up automatic reload so your account stays funded. This way you will know when a genuine balance alert comes through the official channel and can identify unsolicited texts as fraudulent.