American consumers lost $3.5 billion to imposter scams last year, keeping the category at the top of the Federal Trade Commission’s fraud rankings for a ninth consecutive year. A fast-spreading wave of fake toll-payment texts has become one of the most visible new tactics, with the FBI warning that the messages use nearly identical wording and impersonate state toll agencies across multiple jurisdictions. The campaign highlights how quickly scammers adapt their delivery channels while the underlying playbook stays the same.
Why fake toll texts accelerated a nine-year fraud streak
The FTC identified imposter scams as the top fraud category in 2023 after hand-coding a random sample of consumer reports submitted through reportfraud.ftc.gov. Business and government impersonation reports together drove the combined loss totals that kept the category ahead of every other type of consumer fraud. The shift from phone calls to text messages has given scammers a cheaper, faster way to reach millions of people at once, and the toll-text campaign is the clearest example of that pivot.
The FBI’s Internet Crime Complaint Center published a public service announcement describing a smishing campaign targeting road-toll customers in multiple states. The texts claim recipients owe unpaid tolls and include links that mimic legitimate state toll-service websites. Phone numbers and URLs change by state, but the language stays almost word for word the same, a hallmark of industrialized fraud kits sold on underground markets. State officials from coast to coast echoed the IC3 warning, urging residents to delete the messages and avoid clicking any embedded links.
One open question is whether states that provide official toll apps with verified short codes can blunt the attack more effectively than states that rely solely on public advisories. Verified sender codes give recipients a simple way to distinguish real billing notices from fakes. If any state toll authority begins publishing complaint data before and after launching such a tool, the results could offer the first controlled measure of how much proactive authentication reduces smishing losses compared with reactive warnings alone.
FTC and FBI data behind the $3.5 billion loss figure
The FTC’s Data Spotlight on impersonation scams detailed how analysts counted business and government impersonation reports and combined the loss totals for those subtypes. That methodology, based on hand-coded random samples of filings, is how the agency determined the ranking among all fraud types. The $3.5 billion figure represents reported losses only; the true cost is almost certainly higher because many victims never file a complaint.
The FBI’s 2024 cyber-alerts index separately lists the toll-road smishing campaign among active threats, confirming that federal law enforcement treats the texts as more than a nuisance. The IC3 public service announcement noted that the scam had spread across multiple states and jurisdictions, with each new wave tweaking the spoofed domain names just enough to evade automated filters. Reporting from the Associated Press underscored how state-level officials have issued their own warnings, creating a patchwork of advisories but no coordinated national response.
Gaps in toll-smishing data and what to watch next
Several pieces of the puzzle are still missing. Neither the IC3 nor the FTC has broken out the exact dollar losses tied specifically to toll-text scams, making it hard to quantify how much of the $3.5 billion total comes from this one scheme. Current public dashboards group smishing under broader imposter and phishing categories, so policymakers can see the overall trend but not the precise impact of any single campaign.
That lack of granularity matters. Without a distinct line item for toll-related smishing, it is difficult for transportation agencies, payment processors, and mobile carriers to justify investments aimed at this particular threat. A state toll authority weighing whether to fund a verified texting program or overhaul its billing notices is essentially flying blind: it knows the scam is widespread, but not how much money residents are losing or which countermeasures make a measurable difference.
Future reporting could change that. If the FTC begins tagging imposter reports with more detailed categories-such as tolls, utilities, delivery services, or tax agencies-analysts could track which impersonation themes are gaining or losing ground year over year. Similarly, if IC3 complaint forms added a simple checkbox for “road toll or transit fare,” the FBI could publish periodic snapshots showing how many victims encountered the specific unpaid-toll script and how much they lost.
Mobile carriers and state agencies also have a role in closing the data gap. Carriers already filter large volumes of spam texts; sharing anonymized statistics about blocked toll-related messages with regulators would help gauge the scale of attempted fraud, not just successful attacks. Toll operators, for their part, could maintain internal logs of customer contacts mentioning fake texts and, in aggregate form, feed that information back to federal partners.
For now, the most reliable defenses remain basic: consumers should treat any unexpected toll notice as suspicious, avoid clicking links in unsolicited messages, and navigate directly to official state toll websites or apps to check account balances. As long as imposter scams remain the leading fraud category and text messaging continues to offer scammers low-cost reach, toll-payment smishing is likely to persist. The speed with which law enforcement, regulators, and industry can improve data collection and authentication tools will determine whether this particular script becomes a brief spike in the statistics-or a fixture in the next decade of fraud reports.
