It starts with six dollars and twelve cents. That was the amount in the text message a Virginia commuter received in March, claiming she owed an overdue toll on the Dulles Greenway. The link looked official. The payment page asked for her card number, then her Social Security number for “identity verification.” Within 48 hours, someone had opened a credit card in her name. Her story, reported to the FTC, is one of more than a million imposter-fraud complaints the agency received last year.
Americans lost $3.5 billion to imposter scams in 2025, according to a Federal Trade Commission consumer alert published in May 2026. That total, which covers all forms of imposter fraud, represents a nearly 20 percent jump from the prior year. Government impersonation schemes alone surged 40 percent year over year, and the FTC ties much of that spike to a wave of bogus toll-road text messages that trick recipients into surrendering credit card numbers and personal data.
Note: The “nearly 20 percent increase” and “40 percent year over year” figures are drawn from the FTC’s May 2026 consumer alert. Readers who want to verify these numbers against the agency’s underlying data visualizations can consult the FTC’s data spotlight series, which provides interactive breakdowns of fraud reports and losses.
“Scammers follow the money, and right now the money is in your phone,” said Emma Fletcher, a senior data researcher at the FTC, in the agency’s May 2026 consumer alert. “Toll-road texts work because they mimic the kind of small, routine charge people don’t think twice about.”
Fletcher, who has authored multiple FTC data spotlights on fraud trends since 2020, added in the same alert: “We are seeing complaint volumes for toll-road texts climb faster quarter over quarter than any other subcategory of government impersonation. The trajectory is steep, and it has not leveled off.”
How the toll-road text scam works
The playbook is simple and repeatable. A target receives a text from an unfamiliar number warning that a small toll balance is overdue. The message includes a link to what appears to be a state tolling agency’s payment portal. Once the target enters payment details, the scammers capture the card number. In many cases, the page also requests a Social Security number or driver’s license number under the guise of identity verification, giving fraudsters everything they need for full-blown identity theft.
A separate FTC analysis of text-message fraud reported through the Consumer Sentinel Network ranked bogus unpaid-toll notices among the top categories of text scams in 2024. The FBI’s Internet Crime Complaint Center has also flagged the scheme, noting that it has been reported in at least 20 states since early 2024.
The scam’s effectiveness hinges on plausibility. Millions of Americans use toll roads for daily commutes or road trips, and a charge of a few dollars feels too small to question. That low-stakes framing is precisely what makes it dangerous.
Why these scams are spreading so fast
Toll-road texts did not emerge in a vacuum. They are the latest rotation in a fraud cycle the FTC has tracked for years. Before toll messages surged, bank impersonation was the most-reported text scam category. Once consumers and phone carriers caught on, fraudsters pivoted to a new disguise. The underlying technique stayed the same: send a bulk message, manufacture urgency, and funnel targets to a fake payment page.
The broader digital environment helps these messages land. Consumers are conditioned to receive legitimate alerts, shipping updates, and payment confirmations on their phones. A short, official-sounding text about a toll balance blends into that stream of notifications rather than standing out as suspicious.
Sending bulk texts is also remarkably cheap. Scammers can blast hundreds of thousands of messages for a few hundred dollars using internet-based messaging platforms, and even a tiny conversion rate generates significant returns when stolen data is sold on dark-web marketplaces or used to open fraudulent accounts.
What the FTC is doing about it
The agency’s Impersonation of Government and Businesses Rule, which took effect in April 2024, gives the FTC explicit authority to seek civil penalties against anyone who poses as a government entity or well-known company to defraud consumers. Since the rule went live, the agency has taken enforcement actions including the seizure of scam domains that impersonated the FTC itself.
Still, the FTC has not published data showing whether those enforcement actions have reduced the overall volume of scam reports or dollar losses. The rule expands the agency’s legal toolbox, but whether it is deterring the most prolific operators remains an open question as of June 2026. Fraudsters running these campaigns often operate overseas, making U.S. civil penalties difficult to enforce.
The numbers likely undercount the real damage
The $3.5 billion figure almost certainly understates the true cost. Not every victim files a complaint. Some people never realize their data was stolen until it surfaces months later in a separate identity-theft incident. The FTC acknowledges that underreporting is a persistent challenge across all fraud categories, though the agency has not published an estimate of the gap between reported and actual losses for imposter scams.
Demographic and geographic detail is also limited. The Consumer Sentinel Network aggregates complaints nationally, but the FTC has not released public breakdowns showing which age groups or regions are most affected by toll-road texts specifically. States with heavy toll infrastructure, such as those along the Northeast corridor and in Florida and Texas, are logical targets, but no primary source has confirmed that distribution as of June 2026.
A note on the headline’s “fastest-growing” claim
The headline of this article describes toll-road texts as the fastest-growing version of imposter scams in 2026. The FTC has not used that exact label. The characterization is based on the complaint trajectory visible in the agency’s published data: toll-road texts climbed from a minor subcategory to one of the top text-scam types within roughly a year, and Fletcher’s May 2026 alert describes their quarter-over-quarter complaint growth as outpacing every other government-impersonation subcategory. Readers should understand this as an editorial interpretation of the trend, not a direct FTC designation.
How to protect yourself right now
Do not tap the link. If you receive a text about an unpaid toll, do not click the URL. Instead, go directly to your state’s tolling agency website by typing the address into your browser, or call the number on your toll account statement.
Check the sender. Legitimate toll agencies typically send notices by mail or through their own apps. A text from a random phone number or an unfamiliar short code is a red flag.
Look at the URL closely. Scam links often use slight misspellings of real agency names or unusual domain extensions (.top, .xyz, .vip) that no government agency would use.
Report it. Forward suspicious texts to 7726 (SPAM), which routes them to your wireless carrier. You can also file a report with the FTC at ReportFraud.ftc.gov.
If you already clicked, contact your bank or credit card issuer immediately to flag the compromised card. Place a fraud alert on your credit file through any of the three major bureaus (Equifax, Experian, or TransUnion) and monitor your accounts for unauthorized charges. If you entered your Social Security number, consider placing a credit freeze, which prevents new accounts from being opened in your name.
Why a $4 charge is the perfect trap
What makes toll-road texts so effective is not technical sophistication. It is the ordinariness of the premise. A $4 toll charge does not trigger the alarm bells that a $4,000 wire-transfer request would. Scammers are betting that most people will pay first and think later, and the FTC’s data suggest that bet is paying off at a historic scale. Until enforcement catches up or carriers find better ways to filter these messages, the best defense is a habit anyone can build today: treat any unexpected payment request on your phone as suspicious until you verify it through a channel you trust.
