By REBECCA RUTHERFORD
Los Alamos
For the Los Alamos Daiy Post

Oof, yet again the nation is facing a wave of toll themed smishing scams.

What is smishing? Smishing is phishing via SMS – text message, as opposed to phishing, which is when they try to trick you into giving up sensitive information via email attack.

These attacks started up again this year, and thousands of people have already reported the attacks.

In 2024 the FBI had warned about this scam, “Since early-March 2024, the FBI Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts representing road toll collection service from at least three states,” the FBI explained in their April 12, 2024 notification.

The scam seems to be moving from state to state and has been hitting NM, which does not have road tolls, this month. Palo Alto, a security firm, noted that scammers have registered 10,000+ domains as of last week for this new round of the scam.

The new round of messages claim the victim owes money for unpaid tolls, and all contain nearly identical language. All reported messages mention an “outstanding toll amount” with a clickable link.

Image from a text received on the author’s phone

The text above is a + two digit area code, which tells me it is foreign, and when I google +63 I can see that it is a Philippines country code. The domain is trying to imitate E-zpass, a legitimate toll collection company. The domain is “e-zpass.com-nku.xin” and the root domain is actually:

Name: com-nku.xin
Registry Domain ID: a521bb592d894caab70a2e905242df46-DONUTS
Domain Status:
addPeriod
Nameservers:
ns7.alidns.com

ns8.alidns.com

Dates
Registry Expiration: 2026-03-15 12:33:14 UTC
Updated: 2025-03-15 12:33:14 UTC
Created: 2025-03-15 12:33:14 UTC

A root domain is the primary domain name, without subdomains or prefixes like “www,”; and forms the foundation of a website’s address; you can see this was just registered last week. The root domain is basically the part right before the ‘.com”

The link does appear to be specialized to each locale, to mimic various state’s own toll service names. NM does not have tolls, but an NM resident who has recently been out of state could get one of these and get confused; so it is always good to know.

If you do receive any text messages with clickable links claiming you owe money for unpaid tolls, DO NOT click the link. Reach out directly to the state agency the text claims to be from, do not click the link or reply to the text or call the number!

The FBI in their 2024 alert had asked those who received one of these SMS phishing messages to:

• File a complaint with the IC3 at www.ic3.gov and include the scammer’s phone number and the website listed within the text.

• If the user has an account with the toll service, check their account using the toll service’s legitimate website.

• Contact the toll service’s customer service phone number, by looking it up via an internet search.
• Delete any smishing texts received.
• If they click any link or provide your information, make efforts to secure your personal information and financial accounts. They should also ensure that all unfamiliar charges are disputed immediately.

While most NM residents are likely safe from this scam (no tolls in NM!), it is still possible that an NM resident that was traveling out of the state for business or pleasure could get a text like this and potentially be scammed. Be aware of what’s out there, and be alert! Don’t click that link, it’s a scam.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.