The text arrives between errands: a short notice claiming you owe $4.15 in unpaid tolls, with a link to settle up before late fees kick in. It looks like something E-ZPass or SunPass might actually send. Millions of Americans have received a version of it over the past year. The message is fake, the website behind the link is a carefully built replica, and anyone who taps through and enters payment details is handing a credit card number, home address, and date of birth directly to criminals.
The scale of the problem is now measurable. In a May 2026 consumer alert, the Federal Trade Commission reported that Americans lost $3.5 billion to imposter scams in 2025, a jump of nearly 20 percent from the prior year, with more than one million reports filed. Within that total, government-impersonation fraud reports grew roughly 40 percent, a spike the FTC attributes in part to the surge in fake toll-collection texts. According to the agency’s comparison of complaint growth rates, no single subcategory of imposter fraud appears to be growing faster, though the underlying data has not been published in granular form.
How the scam actually works
Federal and state advisories describe a consistent playbook. A target receives a text claiming a small toll balance is overdue, typically under $20, along with a warning about late penalties or license suspension. The message includes a link that closely resembles a state tolling website, often differing by a single character or using an unusual top-level domain such as .TOP or .XING.
Clicking through leads to a page that copies the look of a legitimate toll portal: official logos, matching color schemes, and form fields requesting a license plate number, home address, date of birth, and full payment-card details. The immediate charge may be trivial, but the harvested data is not. Criminals can reuse it to open new credit accounts, attempt larger fraudulent purchases, or answer security questions on unrelated financial accounts.
What makes these messages more effective than a generic phishing attempt is specificity. The texts explicitly name real toll programs and copy official branding closely enough to fool recipients who genuinely owe a balance, blurring the line between a real reminder and a trap.
Who has sounded the alarm
The FBI’s Internet Crime Complaint Center was among the first federal agencies to flag the pattern. In an April 2024 public service announcement, the IC3 said it had received over 2,000 complaints about toll-related smishing from at least three states in a matter of weeks. That figure is now more than two years old and almost certainly understates the current volume, given the FTC’s reported acceleration in complaints through 2025.
State officials have added their own warnings. New York Governor Kathy Hochul issued a public alert about fake E-ZPass texts designed to collect money for tolls that were never owed. Delaware’s transportation agencies went further, stating that E-ZPass Delaware will never contact customers via text or email to pay a violation or add funds. Attorneys general in several additional states have published similar advisories. The scam is not confined to one region; it tracks the geography of electronic tolling itself, stretching across the Northeast and into any state corridor where drivers manage toll accounts online.
The broader fraud landscape underscores the scale. The FTC reported that total consumer fraud losses reached $12.5 billion in 2024, meaning imposter schemes alone now represent a substantial share of all fraud dollars reported to the agency. The FBI’s annual Internet Crime Report reinforces the trend: internet-enabled scams are outpacing many other categories of reported crime, particularly where criminals can automate outreach at minimal cost.
What the numbers do and don’t tell us
Important gaps remain in the data. No federal agency has published a dollar figure isolating losses specifically from toll-road text scams. The $3.5 billion covers all imposter fraud, and the 40 percent growth in government-impersonation reports includes schemes beyond fake toll messages, such as bogus tax-collection notices and sham court-fee demands.
Demographic and geographic breakdowns are also thin. While state alerts suggest the scam concentrates in toll-heavy corridors, no agency has released complaint data sorted by state, age group, or income level. Whether scammers are using geolocation data, scraping vehicle-registration records, or simply blasting messages to area codes near toll roads has not been confirmed in any public investigation.
The FTC’s characterization of toll-road texts as the fastest-growing variant rests on the agency’s comparison of complaint growth rates within the imposter category through 2025, not on a standalone projection of future losses. No institutional source has published a forecast for 2026 totals.
How drivers can protect themselves
Consumer-protection officials across multiple agencies converge on a few practical steps:
- Treat any unsolicited toll text as suspicious. Instead of tapping a link, open a browser and type the toll agency’s official web address directly, or use a saved bookmark, then check your account balance there.
- Watch for pressure tactics. Legitimate toll operators provide multiple ways to pay and rarely threaten arrest, license revocation, or extreme penalties over a single missed charge. A message demanding payment within minutes is a red flag.
- Act fast if you already clicked. Contact your bank or card issuer immediately, request a new card number, and monitor statements for unauthorized charges. Place a fraud alert with one of the three major credit bureaus (Equifax, Experian, or TransUnion), which will notify the other two.
- Report the message. Forward suspicious texts to 7726 (SPAM), the industry short code used by major carriers to identify spoofed messages. File complaints with the FTC and the FBI’s IC3, which rely on complaint volume to detect emerging patterns and issue broader warnings.
Why this particular scam is so hard to stop
Toll-road smishing exploits a gap between two systems that were never designed to work together. Wireless carriers have deployed STIR/SHAKEN call-authentication protocols to combat voice spoofing, but text-message filtering remains far less effective. Scammers routinely rotate through disposable phone numbers and freshly registered domains, staying a step ahead of blocklists.
On the toll-agency side, most systems were built to send legitimate payment reminders electronically, which gives criminals a plausible template to mimic. Some agencies have begun adding disclaimers to their websites noting they never request personal information via text, but there is no industry-wide verified-sender standard for SMS that would let a phone distinguish a real toll notice from a fake one.
Law enforcement faces its own constraints. The FBI and FTC have issued repeated public warnings, but the operators behind these campaigns often work from overseas, cycling through infrastructure faster than investigators can subpoena records. Prosecutions tied specifically to toll-text fraud remain rare in public court filings as of June 2026.
For now, the most reliable defense costs nothing: if a text about a toll balance arrives unsolicited, close it, open your browser, and go to the source yourself. The few seconds that takes are worth considerably more than $4.15.
