Highway Robbery 2.0: How Attackers Are Exploiting Toll Systems in Phishing Scams
NetmanageIT OpenCTI - opencti.netmanageit.com

SUMMARY:
A massive SMS phishing campaign targeting U.S. drivers exploits various toll systems, including E-ZPass, SunPass, and TxTag. The scam uses fake payment alerts sent via iMessage and SMS from foreign numbers to lure victims to fraudulent websites. Analysis reveals a pattern in domain names and infrastructure, with most phishing sites hosted on Chinese ASNs like Tencent and Alibaba Cloud. The campaign employs nginx web servers and constantly shifts tactics to evade detection. Over 2,000 complaints have been filed with the FBI's Internet Crime Complaint Center, prompting warnings from the FTC and toll authorities. The scam's effectiveness stems from the inconsistency in legitimate toll collection domain names, making it challenging for users to distinguish between real and fake websites.
OPENCTI LABELS:
infrastructure analysis, domain spoofing, sms phishing, sunpass, toll systems, txtag, imessage, chinese asns, nginx, e-zpass