Alert: Don’t Get Fooled By the TollsInfoNYC.com Toll Scam

Photo of author

Written by: Thomas Orsolya

Published on:

A text message scam has emerged targeting New York residents with fake unpaid toll violations. The messages claim the recipient must pay toll balances immediately and provide a link to “TollsInfoNYC.com”. However, this domain directs to a fraudulent phishing website designed to steal personal and financial data.

In this comprehensive guide, we will dissect the TollsInfoNYC.com scam from top to bottom. First, we will overview the scam operations and objectives. Next, we will do a step-by-step breakdown of how the scam ensnares victims. We will also outline measures you should take if you were unfortunate to fall for the trickery. Finally, we will summarize the key lessons learned to avoid this in the future.

Tolls by Mail NY Services scam

An In-Depth Overview of the TollsInfoNYC Scam

The TollsInfoNYC.com scam begins with text messages sent en masse to phones across New York. The messages follow this general template:

“TollsInfoNYC: You have an unpaid toll balance. Go to TollsInfoNYC.com now to pay and avoid additional penalties.”

The domain name sounds legitimately tied to toll payments. However, in reality it is an elaborate phishing site designed to mimic official portals and steal entered data.

The Objectives of the Scam

The end goal of this scam is simple – to trick users into inputting sensitive personal information that can then be exploited for financial fraud.

Specifically, the scammers aim to:

  • Deceive recipients about owing NY toll fees
  • Get users to visit the phishing site by posing as a billing portal
  • Collect personal data like names, addresses, phone numbers
  • Steal credit card information when victims try to “pay balance”
  • Resell this data on the dark web or use it directly for ID theft

Tolls by Mail NY Services 2

How Did This Scam Originate?

The source of this scam is unclear, but most signs point to an organized criminal entity. Spoofing toll agencies provides a clever angle of attack for several reasons:

  • Toll billing is inherently confusing, making “violations” seem plausible
  • Most people dislike tolls and are quick to trust notices to avoid fees
  • New York’s bridge and tunnel tolls are high, provoking urgency
  • E-ZPass complications enable deception about unpaid balances

Additionally, the rise of SMS marketing software enabled efficient text blast capabilities ideal for spreading this scam far and wide.

Scope and Scale of the TollsInfoNYC Scam

This scam campaign peaked in early 2023, with victims reported across New York City and the broader metropolitan area. Staten Islanders appeared to be targeted most aggressively.

Hundreds of toll-related phishing domains like TollsInfoNYC.com popped up to support the ploy. The operation likely netted the scammers thousands of stolen identities and credit card numbers.

While the scam has slowed, isolated reports continue to surface. And new variants could arise at any time. Authorities believe many victims never came forward, so its true impact may be grossly underreported.

How the TollsInfoNYC.com Scam Tricks Victims

Now that we have outlined the scam overview, let’s examine the step-by-step process victims are manipulated through:

Step 1: The Recipient Receives a Text Message

The scam initiates with an unsolicited text sent to the target’s mobile phone. The sender ID is usually a 10 digit number or random letter string.

The message follows this general format:

“TollsInfoNYC: You have an unpaid toll balance. Go to TollsInfoNYC.com now to pay and avoid additional penalties.”

The domain name sounds plausibly connected to toll payments but actually directs to a phishing site.

Step 2: The Message Triggers Urgency

The content of the text is carefully crafted to trigger urgency in the recipient. It states they have an “unpaid toll balance” that must be addressed “now” to “avoid penalties”.

These phrases spark concern over owing money and facing late fees. Most people will rush to resolve the issue. This gets them to visit the scam website.

Step 3: The Recipient Visits TollsInfoNYC.com

Anxious about late toll payments, the recipient will click the link to pay the supposed outstanding balance.

The domain name contains “toll” and “pay” keywords that seem legitimate. But in reality, it sends visitors to a fraudulent phishing website.

Step 4: The User Lands on the Phishing Site

When users click the link, they are taken to the fraudulent TollsInfoNYC.com site. The site is dressed up to precisely mimic official toll payment portals.

Everything from branding, logos, fonts, messages, and the UI is engineered to look real. But it is a complete scam operation.

Step 5: The User Tries to Pay the Fake Balance

The phishing site displays an unpaid toll balance amount the victim “owes”, often $10-20. Worried about late fees, the user tries to pay this fake balance.

The site asks the user to enter their personal and payment card details including:

  • Full Name and Address
  • Phone Number
  • Credit Card Number
  • CVV Security Code
  • Expiration Date

Step 6: The Scammers Steal Entered Payment Details

Armed with the credit card info, names, addresses, and other data entered, the scammers can now use it or sell it online.

They may make fraudulent purchases with the card numbers or sell the info on dark web marketplaces.

Meanwhile, the oblivious user thinks they resolved a toll violation. They will only realize the deception later when fraud occurs.

How to Identify the TollsInfoNYC.com Scam

While the scammers make this scam hard to detect, there are key signs you can watch for:

Suspicious Text Message

  • Comes from unknown 10-digit or random alphanumeric sender ID
  • Contains threatening language demanding immediate payment
  • Link in the text directs to TollsInfoNYC.com specifically

Phishing Website Red Flags

  • URL does not match official toll agency domains like E-ZPass
  • Branding copies logos/graphics but contains small mistakes
  • Poor grammar, spelling and site design expose illegitimacy

Dubious Payment Claims

  • The “unpaid balance” amount seems made up or arbitrary
  • You have no recollection of incurring any toll violations
  • The toll agency referenced is not one you’ve used before

Lack of Confirmation

  • Official toll agencies send confirmation emails after collecting payments
  • If you don’t receive a confirmation, the payment was fraudulent

Trust your instincts. If anything seems suspicious, avoid providing personal data and contact toll agencies directly to verify before taking action. Look for these scam indicators to avoid potential traps.

What to Do If You Are Targeted by the TollsInfoNYC Scam

If you receive a text directing you to TollsInfoNYC.com or fall victim to the phishing site itself, take the following steps immediately:

1. Do Not Click Any Links

If you receive a suspicious text, do not click the link within it no matter how legitimate it appears. Contact toll agencies directly instead.

2. Call Your Phone Carrier

Contact your cell phone carrier and report the scam text. They can investigate the suspicious sender ID and block future messages.

3. Check with Toll Providers

Reach out to legitimate toll providers like E-ZPass that service New York to verify if you actually have unpaid toll balances.

4. Notify Your Bank

If you entered payment information, call your bank and credit card companies immediately. Alert them to the potential identity theft and fraudulent charges.

5. Reset All Passwords

Assume any passwords you entered on the phishing site are compromised. Rapidly reset passwords on all critical online accounts. Enable two-factor authentication as well.

6. Place Fraud Alert

Contact credit bureaus to place a fraud alert on your name and SSN. This makes it harder for scammers to open new accounts in your name.

7. File a Police Report

File a complaint with local law enforcement about the scam text and site. Provide all details available to aid investigation efforts.

Frequently Asked Questions About the TollsInfoNYC.com Scam

1. What is the TollsInfoNYC.com scam?

The TollsInfoNYC.com scam is a phishing scam where scammers send text messages claiming recipients have unpaid NY toll balances. The texts provide a link to TollsInfoNYC.com, which is a fake website designed to steal personal and financial information.

2. How does the TollsInfoNYC.com scam work?

The scam begins with an urgent text message stating you have unpaid toll balances and must pay immediately. If you click the link, you are taken to a convincing but fraudulent website. You are prompted to enter credit card and personal details to “pay the balance”, which the scammers steal.

3. What techniques do the scammers use?

The scammers use urgency tactics in the text to get you to click the link. The phishing site mimics real toll payment sites with logos, branding and web copy. This fools users into entering sensitive data which is stolen.

4. What information did the scammers collect with TollsInfoNYC.com?

The phishing site collected full names, addresses, phone numbers, credit card numbers, security codes, and expiration dates. This gave them the ability to commit financial fraud.

5. How can I recognize the TollsInfoNYC.com scam?

Warning signs include texts from unknown senders about unpaid tolls, threatening language demanding immediate payment, suspicious links, and the TollsInfoNYC.com domain specifically.

6. What should I do if I get a text linking to TollsInfoNYC.com?

Do not click the link or provide any information. Contact your cell phone carrier to report the scam text. Verify with toll agencies directly if you actually have any unpaid balances.

7. What steps should I take if I entered my information?

Immediately call banks and credit card companies and inform them of potential fraud. Place fraud alerts on your credit reports. Reset all account passwords and security questions. Monitor statements for suspicious charges.

8. How can I protect myself from the TollsInfoNYC.com scam?

Use unique passwords on all accounts and enable two-factor authentication when possible. Never click links in unsolicited texts. Independently verify any payment notices with providers before taking action.

9. How extensive was the TollsInfoNYC.com scam?

The scam peaked in early 2022, affecting thousands in the NYC metro area. While it has declined, isolated incidents still occur and new variants could arise. Many victims likely never reported, so its reach is underestimated.

10. What should I do if I encounter a new toll payment scam?

Avoid clicking any links and contact providers directly to verify legitimacy. Report suspicious texts or emails to carriers and authorities. Take preventative measures like placing fraud alerts if personal data was compromised.

The Bottom Line

The TollsInfoNYC.com scam leverages clever social engineering to steal identities and payment data. By learning the scammer tactics, we can avoid falling victim.

Key takeaways include:

  • The scam starts with texts about fake unpaid toll balances
  • Phishing links direct to fraudulent “payment” sites to steal entered data
  • Contact cell carrier, banks, and toll agencies if targeted
  • Reset passwords, enable two-factor authentication, and place fraud alerts
  • Do not click links in messages – instead call providers directly
  • Report scam texts and sites to law enforcement to aid investigation

While this specific scam has declined, new variations could arise at any time. Stay vigilant about texts requesting payments or personal information. Verify any violation notices directly with providers. Take swift action if targeted to minimize damage. Through awareness and caution, we can protect ourselves.

10 Rules to Avoid Online Scams

Here are 10 practical safety rules to help you avoid malware, online shopping scams, crypto scams, and other online fraud. Each tip includes a quick “if you already got hit” action.

  1. Stop and verify before you click, log in, download, or pay.

    warning sign

    Most scams win by creating urgency. Verify using a trusted method: type the website address yourself, use the official app, or call a known number (not the one in the message).

    If you already clicked: close the page, do not enter passwords, and run a malware scan.

  2. Keep your operating system, browser, and apps updated.

    updates guide

    Updates patch security holes used by malware and malicious ads. Turn on automatic updates where possible.

    If you saw a scary “update now” pop-up: close it and update only through your device settings or the official app store.

  3. Use layered protection: antivirus plus an ad blocker.

    shield guide

    Antivirus helps block malware. An ad blocker reduces scam redirects, phishing pages, and malvertising.

    If your browser is acting weird: remove unknown extensions, reset the browser, then run a full scan.

  4. Install apps, software, and extensions only from official sources.

    install guide

    Avoid cracked software, “keygens,” and random downloads. During installs, choose Custom/Advanced and decline bundled offers you do not recognize.

    If you already installed something suspicious: uninstall it, restart, and scan again.

  5. Treat links and attachments as untrusted by default.

    cursor sign

    Phishing often impersonates delivery services, banks, and popular brands. If it is unexpected, do not open attachments or log in through the message.

    If you entered credentials: change the password immediately and enable 2FA.

  6. Shop safely: research the store, then pay with protection.

    trojan horse

    Be cautious with brand-new stores, “closing sale” stories, and prices that make no sense. Prefer credit cards or PayPal for dispute options. Avoid wire transfers, gift cards, and crypto payments.

    If you already paid: contact your card issuer or PayPal quickly to dispute the transaction.

  7. Crypto rule: never pay a “fee” to withdraw or recover money.

    lock sign

    Common patterns include fake profits, then “tax,” “gas,” or “verification” fees. Another is a “recovery agent” who demands upfront crypto.

    If you already sent crypto: stop paying, save evidence (wallet addresses, TXIDs, chats), and report the scam to the platform used.

  8. Secure your accounts with unique passwords and 2FA (start with email).

    lock sign

    Use a password manager and unique passwords for every account. Enable 2FA using an authenticator app when possible.

    If you suspect an account takeover: change passwords, sign out of all devices, and review recent logins and recovery settings.

  9. Back up important files and keep one backup offline.

    backup sign

    Backups protect you from ransomware and device failure. Keep at least one backup on an external drive that is not always connected.

    If you suspect infection: do not connect backup drives until the system is clean.

  10. If you think you are a victim: stop losses, document evidence, and escalate fast.

    warning sign

    Move quickly. Speed matters for disputes, account recovery, and limiting damage.

    • Stop payments and contact: do not send more money or respond to the scammer.
    • Call your bank or card issuer: block transactions, replace the card if needed, and start a dispute or chargeback.
    • Secure your email first: change the email password, enable 2FA, and remove unfamiliar recovery options.
    • Secure other accounts: change passwords, enable 2FA, and log out of all sessions.
    • Scan your device: remove suspicious apps or extensions, then run a full malware scan.
    • Save evidence: screenshots, emails, order pages, tracking pages, wallet addresses, TXIDs, and chat logs.
    • Report it: to the payment provider, marketplace, social platform, exchange, or wallet service involved.

These rules are intentionally simple. Most online losses happen when decisions are rushed. Slow down, verify independently, and use payment methods and account controls that give you recourse.

Previous

Beware Fake 90% Off Calvin Klein Clearance Sales Scamming Shoppers

Next

Beware! The TVBoost Antenna is a Total Scam (Must Read)