Have you recently received a message claiming you owe a toll fee? If so, you might be the target of the SunPass toll scam. It’s just one example of a rapidly emerging threat called smishing (SMS phishing).

Here’s how the SunPass toll scam works, what to do if you’re targeted, and similar scams to look out for.

What Is Sunpass?

SunPass is an electronic payment method for toll roads in Florida, USA. To sign up, SunPass users purchase a transponder and place them on their vehicles’ windshields. You can pick one up on Amazon. When they drive through a toll, an electronic reader scans the transponder and the charge is automatically deducted from their prepaid online toll account. SunPass transponders are also compatible with tolls in 18 other states.

Sunpass
Version 1.0.0

SunPass is used by around 27m customers. Unfortunately, its popularity has made the brand a useful cover for fraudsters.

What Is the Sunpass Toll Scam?

In April 2024, the FBI issued a consumer alert which said that they had received over 2k complaints about a scam involving fake text messages that appeared to come from a road toll collection service. These text messages inform recipients that they have unpaid toll fees.

PSA about the Sunpass toll scam

SunPass wrote in an email to customers:

The scam uses text messages requesting prompt payment to avoid fees. The message contains a link to a fraudulent website in an attempt to collect information. These messages are not sent by SunPass…Please note that SunPass does not ask customers via text to make a payment or take immediate action on their account.

This type of scam is called smishing.

What Is Smishing?

Smishing is a form of phishing involving text messages. Phishing is when fraudsters contact individuals posing as a legitimate organization in order to commit identity or financial fraud.

Smishing messages may:

  • include malicious links that contain malware or lead to fraudulent websites
  • persuade victims to reveal sensitive information e.g. credit card details or passwords
  • trick users into transferring money to fraudsters

The consequences of smishing can be serious. Victims may lose money or have crimes committed in their name. Personal or company data can be compromised and your credit record could be impacted.

How Does the SunPass Toll Scam Work?

Scammers send a text message claiming the recipient has unpaid toll fees. According to the FBI, it often includes the phrase “outstanding toll amount”. The amount listed is around $10-20 to appear realistic. The message advises you to pay your toll immediately to avoid additional fees. example of a SunPass toll scam

The message includes a link that looks like it leads to the official SunPass website. However, it leads to a fake website where you’re asked to fill in information such as your billing address or credit card details.

Fraudsters are creative so there are likely other versions of this scam circulating, including scams targeting victims via phone calls or email.

How to Avoid Toll Smishing Scams

The most obvious signs that you’ve received a SunPass toll scam message are if you are not a customer of SunPass or if you know that you have no outstanding toll fees.

SunPass toll scam

Legitimate communications from SunPass will only come from the text number 786727 and the email addresses [email protected] or [email protected].

Smishing messages often include:

  • an urgent tone
  • requests for personal information
  • spelling and grammar errors
  • suspicious links
  • surprising claims e.g. you’ve won a prize or owe money unexpectedly

It’s a good idea to view all unsolicited messages as suspicious. Only share your number with people or organizations you trust. You can also limit the potential impact of a smishing attack by installing antivirus on your phone.

What to Do if You Get a SunPass Toll Scam Message

  1. Do not click on the link or call a phone number included in the message.
  2. Do not respond – even if it asks you to “text STOP” to stop receiving their unsolicited messages.
  3. Check your account status. Log into your account via the official SunPass website to independently confirm the claim in the message.
  4. File a complaint with the IC3 at www.ic3.gov. Include the number the text came from and the website listed in the text.
  5. Delete the message.
  6. Block the number.
  7. If you have clicked a link or shared sensitive information, you may need to contact your bank, monitor your accounts, or update passwords.

Other Smishing Scams to Look Out For

Toll-charge scammers have moved beyond Florida and SunPass. There are now consumer alerts about similar scams all over the country including in California, Utah, and Michigan. But toll charges are not the only smishing scams to look out for.

  1. Missed delivery notification. These fake text messages appear to come from a delivery service like the USPS, FedEx, or Amazon. They claim you’ve missed a delivery and ask you to follow a link to provide information or pay a redelivery fee.
  2. Fake payment notification. These text messages appear to come from the bank or a payments app like PayPal or Cash App. They notify you of a charge to your account and provide a bogus helpline for you to call to query the charge. Alternatively, they may claim you’ve received money and ask you to click a malicious link to accept the money.
  3. Security breach notification. Scammers are sending fraudulent text messages telling recipients that their account has been breached and encouraging them to click a link to reset their password. When they do so, the recipients give the scammers access to their log in details.
  4. Overdue bill notification. These messages appear to come from the tax authorities, local government, or credit card companies and claim that you owe money for tax, a speeding ticket, or to pay off your credit card. These organizations would never send a payment link via SMS.
  5. You’re a winner! Some scam messages claim you’ve won a raffle or a gift card. If you click the link, you download malware onto your device which can be used to access your data and accounts.

Don’t Get Scammed!

The SunPass toll scam is just one example of the many smishing attacks that continue to target unsuspecting victims. By staying vigilant and recognizing the warning signs—such as unexpected claims, urgent requests, and suspicious links—you can protect yourself from falling prey to these scams.

If you receive an unsolicited text message, do not click on the link, reply, or call any phone number included in the text. Always verify any claims directly with SunPass through their official website.