By REBECCA RUTHERFORD
Los Alamos

They’re back… more road toll smishing scams!

What is smishing? Smishing is phishing via SMS – text message, as opposed to phishing, which is when they try to trick you into giving up sensitive information via email attack.

These attacks started up again this year, and thousands of people have already reported the attacks.

In 2024 the FBI had warned about this scam, “Since early-March 2024, the FBI Internet Crime Complaint Center (IC3) has received over 2,000 complaints reporting smishing texts representing road toll collection service from at least three states,” the FBI explained in their April 12, 2024 notification.

The scam seems to be moving from state to state and has been hitting NM, which does not have road tolls, this spring. Palo Alto, a security firm, noted that scammers have registered 10,000+ domains as of last month for this new round of the scam.

The latest round of messages claim the victim owes money for unpaid tolls, and seem to contain nearly identical language. All reported messages mention an “outstanding toll amount” with a link, which usually isn’t clickable unless you copy and paste or reply. This round has even more menacing language than previous ones and tries to really scare recipients into clicking.

Image from texts received on the author’s phone

Oof, that’s a lot. “Irreversible consequences”, yikes! This round is a lot more threatening than the last one, clearly trying to scare people into paying up or facing their registration being suspended, late payment fees, and collections.

The text above is a + two digit area code, which tells me it is foreign, and when I google +63 I can see that it is a Philippines country code. The domain is trying to imitate E-zpass, a legitimate toll collection company. The domain is “e-zpass.com-mhb.win” and the root domain is actually:

Name: com-mhb.win

Registry Domain ID: DFA77BF16F9CE4EB3A2EE9F4880A0B388-GDREG

Domain Status:

clientTransferProhibited

clientUpdateProhibited

clientHold

serverTransferProhibited

Nameservers:

rachel.ns.cloudflare.com

alex.ns.cloudflare.com

Dates

Registry Expiration: 2026-04-30 13:25:59 UTC

Updated: 2025-05-05 13:25:59 UTC

Created: 2025-04-30 13:25:59 UTC

A root domain is the primary domain name, without subdomains or prefixes like “www,” and forms the foundation of a website’s address; you can see this was just registered last week. The root domain is basically the part right before the ‘.com”

You can also see that this domain was just registered last week, usually a sign of a scam. The link does appear to be specialized to each locale, to mimic various state’s own toll service names. NM does not have tolls, but an NM resident who has recently been out of state could get one of these and get confused; so it is always good to know.

If you do receive any text messages with links claiming you owe money for unpaid tolls, DO NOT click the link, or interact in any way. Reach out directly to the state agency (in this case ez-pass) the text claims to be from, do not click the link or reply to the text or call the number!

You can block the number, but they will likely just switch to a different number for the next round of smishing messages.

The FBI in their 2024 alert had asked those who received one of these SMS phishing messages to:

• File a complaint with the IC3 at www.ic3.gov and include the scammer’s phone number and the website listed within the text.
• If the user has an account with the toll service, check their account using the toll service’s legitimate website.
• Contact the toll service’s customer service phone number, by looking it up via an internet search.

• Delete any smishing texts received.
• If they click any link or provide your information, make efforts to secure your personal information and financial accounts. They should also ensure that all unfamiliar charges are disputed immediately.

While most NM residents are likely safe from this scam (no tolls in NM!), it is still possible that an NM resident that was traveling out of the state for business or pleasure could get a text like this and potentially be scammed. Be aware of what’s out there, and be alert! Don’t click that link or interact in any way, it’s a scam.

Editor’s note: Rebecca Rutherford works in information technology at Los Alamos National Laboratory.