Scam Checker
Back to all scam alerts and blog posts

Unpaid Toll Text Scam: How the Toll-Road Smishing Wave Works

By Published Reviewed by Shubham Singla
  • smishing
  • text scam
  • toll scam
  • phishing
  • scam alert

Disclaimer: This post is for informational purposes only and does not constitute legal or financial advice. If you believe you have entered card details on a fake toll site, contact your bank immediately and report it to your local fraud authority.

You're going about your day when a text arrives: your vehicle has an unpaid toll, a small balance is overdue, and you must pay now to avoid a late fee or a suspended registration. The amount is tiny — a few dollars — and there's a tidy link to settle it. That small amount and the official-sounding wording are exactly what make the unpaid toll text scam so effective. It has become one of the most widespread smishing (SMS phishing) campaigns hitting drivers across the US, UK, Canada, and Australia.

Is the "unpaid toll" text a scam?

In almost every case, yes — an unexpected text demanding immediate payment for an unpaid toll, with a link, is a scam. Legitimate tolling agencies do send notices, but they do not typically chase a one-off two-dollar balance by SMS with a pay-now link to an unfamiliar website. The toll text scam works because the requested sum is too small to argue with and too easy to just pay. Before you tap anything, you can paste the link into our free scam link checker or run the whole message through the main Scam Checker to see the red flags spelled out.

Example scenario

Here's a realistic composite scenario based on patterns reported to the FTC, the FBI's Internet Crime Complaint Center (IC3), and r/Scams:

"I got a text saying 'Your vehicle has an outstanding toll of $4.30. To avoid a late fee of $35.00, please settle your balance' with a link ending in a weird domain I didn't recognise. I drive that route sometimes, so it felt plausible. I clicked, and the page looked just like the real toll site — same colours, same logo. It asked for my name, address, and card number to 'pay the balance.' I typed everything in and hit pay. Two days later my bank flagged a $600 charge from an electronics store overseas. The $4.30 toll was never real — they just wanted my card."

This is a realistic example built from common reports — not a single real person's story.

How this scam works

The toll smishing campaign follows a tight, repeatable formula:

  1. Mass-blast SMS. Scammers send the same text to enormous lists of phone numbers, often spoofing the sender so it appears as a short code or an unknown mobile number. They don't need to know whether you actually use toll roads — at scale, plenty of recipients do.
  2. A small, believable amount. The "balance" is deliberately tiny ($2–$12 range). A small number lowers your guard; you're more likely to just pay than to call and dispute it.
  3. Manufactured urgency. The message threatens a late fee, a penalty, points on your licence, or a suspended registration if you don't pay within 24–48 hours. Urgency is the single most reliable tell of a phishing message, as both the FTC and the UK and Australian authorities repeatedly warn.
  4. A lookalike payment page. The link leads to a clone of a real tolling agency's site (E-ZPass, FasTrak, Linkt, Dart Charge and similar brands are all impersonated). The page harvests your name, address, and full card details — sometimes a one-time passcode too, so they can defeat your bank's verification.
  5. The real theft. The toll was never the goal. Your card details are either charged immediately for large amounts, sold on, or used to add your card to a mobile wallet the scammers control. The IC3 has flagged toll-themed smishing as a high-volume, nationwide fraud trend.

Because the infrastructure is cheap, when one batch of scam domains gets blocked the operators simply spin up new ones and send the next wave — which is why the same scam keeps reappearing under slightly different web addresses.

Who is being targeted

Effectively everyone with a mobile phone. Unlike scams that target a narrow group, toll smishing is sent indiscriminately, and it lands on people who genuinely drive toll roads as well as those who never do. It is particularly effective against:

  • Frequent commuters who really do have toll accounts and can't immediately remember whether a small charge is outstanding.
  • People in a hurry, who pay the trivial amount to make the "problem" go away.
  • Anyone unfamiliar with how their tolling agency actually contacts them — most real agencies direct you to log in to your official account or app, not to a link in an unsolicited text.

Red flags to watch for

🚩 An unexpected text about a toll you don't remember. Real overdue-toll notices rarely arrive cold by SMS with a pay-now link.

🚩 A link to a domain that isn't the official tolling site. Scam links use lookalike or random domains (long strings, odd country codes, URL shorteners). When in doubt, don't tap — check the link first.

🚩 A very small amount plus a much larger threatened penalty. The "$4.30 now or $35 late fee" structure is engineered to make paying feel like the safe choice.

🚩 Pressure to act within hours. Genuine agencies give you weeks and a proper billing process, not a 24-hour countdown.

🚩 A request for full card details, address, and a verification code on the landing page. A legitimate toll top-up through your real account never needs you to re-enter everything via a texted link.

🚩 Slightly-off grammar, spacing, or currency symbols. Many of these messages are sent from overseas kits and contain small language tells.

What to do if you received the text

  • Don't tap the link. If you're unsure whether you actually owe a toll, go directly to your tolling provider's official website or app — type the address yourself or use a bookmark — and check your account there.
  • Check the message safely. Paste the link or the full text into the Scam Checker or the scam text checker to confirm the red flags before you do anything else.
  • Report it. In the US you can forward spam texts to 7726 (SPAM) and report to the FTC and the FBI's IC3. In Australia, report to Scamwatch; in the UK, forward suspicious texts to 7726.
  • Delete and block. Once reported, delete the message and block the sender.

If you already entered your details

Act quickly — the toll was bait, but your card details are the real loss:

  1. Call your bank or card issuer now and tell them you entered your card on a phishing site. Ask them to freeze or reissue the card and watch for fraudulent charges.
  2. Change any password you may have reused, especially if the fake page asked you to "log in."
  3. Watch for a follow-up "bank fraud team" call. Scammers who have your details often call pretending to be your bank to extract more. Your real bank will never ask you to move money to a "safe account."
  4. Walk through the recovery steps on our Have I Been Scammed? page for a personalised first-hour checklist, and review our scam text message examples so you recognise the next one instantly.

The unpaid toll text scam survives because it's cheap to send and easy to believe. The defence is simple and free: never pay or log in from a link in an unexpected text. Go to the source directly, and when in doubt, check the message first.

Sources

External sources and references