LOS ANGELES, CA – A persistent scam involving fraudulent text messages disguised as toll collection or package delivery alerts continues to reach thousands of mobile phones across California, raising concerns among cybersecurity experts and federal authorities alike.
The operation, known as “smishing” — short for SMS phishing — has prompted renewed alerts from federal officials warning that scammers are preying on drivers and online shoppers. Street People found out that this ongoing scheme has adapted over time, now targeting individuals with text messages that appear to come from official agencies, demanding payment for unpaid highway tolls or prompting action on a delayed delivery.
The messages often display a specific dollar amount and include a clickable link directing the recipient to a spoofed website designed to capture sensitive personal or financial information — such as credit card numbers, bank login details, or driver’s license data. SP gathered that many of the links are crafted to resemble legitimate tolling systems like FasTrak, Caltrans, or regional agencies throughout California.
Despite warnings from federal agencies, including the FBI and the Federal Trade Commission, the scam shows no sign of slowing. The FBI has logged more than 2,000 reports related to toll smishing since March 2023. SP learned that the fraudulent messages tend to contain nearly identical language and that the associated URLs rotate between states to avoid detection. In California, residents have reported receiving texts referencing well-known systems such as FasTrak, while similar reports have emerged from Florida, Texas, New York, Illinois, and even parts of Canada.
SP also found that the fraud campaign has recently expanded. A new wave of attacks now imitates delivery service providers, according to analysts with a private cybersecurity firm. These messages attempt to trick recipients with phony delivery updates or fake address verification requests — tactics capitalizing on the widespread use of e-commerce platforms and parcel tracking.
Researchers monitoring the situation say over 10,000 malicious domains have been registered in support of these scams. The fraudulent domains often begin with prefixes such as “com-” and mimic legitimate addresses in an effort to deceive users.
Authorities have urged the public to remain cautious and provided the following guidance:
-
Avoid clicking links or responding to suspicious or unexpected text messages.
-
Verify toll or delivery claims using official websites or customer service numbers.
-
Use mobile device tools to mark texts as spam or report them by forwarding to 7726 (SPAM).
-
Delete suspicious messages after reporting.
SP learned that officials continue to emphasize that no legitimate government agency or toll operator will contact users through unsolicited text messages requesting immediate payment. Those who receive suspicious texts are advised to double-check any claims using a verified phone number or website.
Law enforcement and cybersecurity teams are continuing efforts to block known malicious domains and investigate smishing operations. However, experts warn that consumer vigilance remains the strongest defense against these evolving scams.
