Is EZ Pass contacting you? It may be a scam

A phishing scheme tied to the toll transponder could lead to ID theft

Published: August 15, 2014 11:00 AM

I recently received an e-mail that appeared to come from EZ Pass New York, warning that I had outstanding unpaid tolls and that repeated failed efforts to get me to pay up would result not only in termination of my account, but also get me in hot water with the state Department of Motor Vehicles. Serious stuff.

Most of the time, I instinctively hit the delete button, but because the e-mail appeared so official-looking—down to the purple logo and the appropriate fonts—that I opened the message, but stopped short of clicking on the attached “invoice” to download it to my desktop. That was a red flag. So, too, was the peculiar wording of the subject line: “In arrears for driving on toll road.” Who talks like that?

Of course, it turned out to be a phishing ploy to plant a virus in my computer via the download, which would expose my personal information to ID thieves.

I subsequently learned that the scam was fairly widespread. EZ Pass posted an alert on its website, and the Better Business Bureau acknowledged it, too. Scammers are getting quite good at creating knockoff logos and documents of legitimate companies, so you need to be extra wary.

Read our story on impersonation scams to find out about other scams that are happening now. For more Consumer Reports tips on avoiding phishing scams, click here.

For more Consumer Reports tips on avoiding phishing scams, click here.

Here’s how to spot a phishing e-mail, courtesy of the BBB.

• Beware of look-alike URLs, particularly those that have the brand name as a subdomain of another URL, for example, "ezpass.scamwebsite.com,"  or those that are part of a longer URL like  "ezpasspayyourtolls.com."

• Hover over URLs in e-mails to reveal their true destination. Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like those mentioned above.

• Don't open attachments from unfamiliar sources. Legitimate businesses rarely send unsolicited e-mails with attachments.

• Confirm an e-mail is real by contacting the business before downloading anything. In the case of EZ Pass New York, the instructions were to call the customer service center.

• Consider how the business normally reaches you. Most businesses send invoices by US Postal Service. And if they contact you by e-mail, they don’t instruct you to download an attachment, but rather log into your secure account.  

—Tod Marks

 


E-mail Newsletters

FREE e-mail Newsletters! Choose from cars, safety, health, and more!
Already signed-up?
Manage your newsletters here too.

Money News

Cars

Cars Build & Buy Car Buying Service
Save thousands off MSRP with upfront dealer pricing information and a transparent car buying experience.

See your savings

Mobile

Mobile Get Ratings on the go and compare
while you shop

Learn more