Merry Christmas Phishing: Fake FasTrak Message From The Toll Roads

Miguel A. Calles
3 min read · Dec 25, 2024
This picture featuring Santa giving out a toll road invoice was created by Microsoft Copilot.

It is Christmas morning and you receive a text message like the one below.

This text message screen capture was provided by Miguel A. Calles

Your wonderful Christmas morning goes from calming and relaxing to one filled with stress. You remember taking the toll road to get to that Christmas Eve party on time. You start to fret because you are a casual toll road customer and pay the toll on the website instead of signing up for the transponder program.

What should you do?

First, take a moment to calm down.

Second, inspect the text message to see whether it is valid.

The sender’s phone number

The sender is using an international phone number. It is unlikely that a U.S. toll road company would use a phone number from the Philippines.

Miguel A. Calles highlights that the sender’s number is from the Philippines.

The company’s name

The toll road company is called The Toll Roads, and its electronic toll collection system is called FasTrak. Notice that the message misspells it as “FastTrak”. It is very unlikely the company would misspell its copyrighted name.

Miguel A. Calles highlights that FasTrak is misspelled.

The website address

The website address starts with “https://thetollroads.com”, which makes it seem valid.

Miguel A. Calles highlights the valid part of the web address.

We must remember that the web domain is the part of the host name around the last dot before the first forward slash: the label immediately to the left of that dot plus the top-level domain to its right. Any labels separated by earlier dots form the subdomain. In this message, “thetollroads” is the subdomain and “com-97ny.cfd” is the domain.

Miguel A. Calles highlights the true domain name.
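
The glance at the start of the link and a check on the real host name, side by side, as an added Python example that is not part of the original post. OFFICIAL_DOMAINS, the function names and the “www” sample are assumptions; the message link is rebuilt from the subdomain and domain named above, with its path left out.

```python
from urllib.parse import urlsplit

# Assumption: the official site's domain, taken from the prefix the message imitates.
OFFICIAL_DOMAINS = {"thetollroads.com"}

# Host name rebuilt from the subdomain and domain named in the article; path omitted.
SMS_LINK = "https://thetollroads.com-97ny.cfd/"


def hostname(url):
    """Lower-cased host part of a URL, without port or trailing dot."""
    return (urlsplit(url).hostname or "").rstrip(".").lower()


def split_host(url):
    """Split the host into (subdomain, domain) using the last two labels.

    This matches the article's rule and single-label suffixes such as .com
    or .cfd; multi-label suffixes (for example .co.uk) need the Public
    Suffix List instead.
    """
    labels = hostname(url).split(".")
    if len(labels) < 2:
        return "", ".".join(labels)
    return ".".join(labels[:-2]), ".".join(labels[-2:])


def looks_official_weak(url):
    """Weak check: the same glance at the start of the link a reader makes."""
    return url.startswith("https://thetollroads.com")


def is_official(url):
    """Corrected check: host must be an official domain or a subdomain of it."""
    if urlsplit(url).scheme != "https":
        return False
    host = hostname(url)
    return any(host == d or host.endswith("." + d) for d in OFFICIAL_DOMAINS)


if __name__ == "__main__":
    # Constructed samples: the message link and a "www" form of the official site.
    for link in (SMS_LINK, "https://www.thetollroads.com/"):
        print(link, split_host(link), looks_official_weak(link), is_official(link))
```

The prefix check accepts the message link and rejects the “www” form of the real site, while the host-based check gets both right.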

Clicking the link

You will be taken to a phishing website if you click the link. The website might even download malicious software to your computer.

Malwarebytes Browser Guard and other security browser extensions can protect you if you click the link. I accidentally clicked the link when trying to download the picture and got this warning message.

Miguel A. Calles shows how Malwarebytes Browser Guard protected him when he accidentally clicked the link.

Independent verification

We should avoid replying to the text message. Instead, go to the official The Toll Roads website. It is best to be extra cautious when receiving text messages from unknown numbers.
