Taking Action: Scammers using fake E-ZPass accounts to collect unpaid tolls
HUNTSVILLE, Ala. (WHNT) — Traveling for a summer vacation often takes us to other states and sometimes we have to pay to get where we are going.
E-ZPass is a company that makes it easier for you to pay when going over a toll bridge. However, scammers are targeting the company.
It starts with an email that appears to be from E-ZPass, trying to collect money from an unpaid toll. It uses the correct colors and logo. “It’s so easy now to copy someone’s image, put it in an email, make it look professional, and look like it’s the real thing,” said Michele Mason with the Better Business Bureau of North Alabama.
The message usually says you have ignored previous bills. It tells you to pay the toll by downloading an invoice. “The whole purpose is to try to get you to open an attachment because you’ll be opening an executable file that will either download a virus on your computer or spyware and allow someone either entry into your system or at least wreak havoc on it,” said Mason.
If it’s spyware, they can capture your key strokes and then follow along while you do online banking.
“I don’t think it’s a coincidence that this cropped up in the summertime ,” said Mason. “I know it can happen whether you’re in the Orlando area visiting Disney World or another part of the states.”
It’s the end of summer. People have taken vacations and driven all across the country.
“We had one employee of a BBB that said he got one that claimed he had been in Norway, ” she said. “So certainly, if it doesn’t match up with your travels, that’s a huge red flag.”
How to Spot a Phishing Email:
- Watch for look alike URLs. Be wary of sites that have the brand name as a subdomain of another URL (i.e. “ezpass.scamwebsite(dot)com”) or part of a longer URL (i.e. “ezpasspayyourtolls(dot)com.”)
- Hover over URLs in emails to reveal their true destination. Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like the examples above.
- Don’t open attachments from unfamiliar sources. Legitimate businesses rarely send unsolicited emails with attachments. Always confirm an email is real before you download anything.
- Consider how the business normally reaches you.
Most businesses send invoices by postal service, in the body of an email (no attachment) or by asking you to log into your secure account.
- Contact the business. When in doubt, call the business’s customer support line to check the legitimacy of the email. Be sure to find the phone number on your bill or by a web search — not the email or website the scammers gave you.
For More Information
To find out more about scams or report one, check out BBB Scam Stopper.