← Back to Blog

Got a Text About an Unpaid Toll? Here's How to Tell If It's a Scam.

Scam Alert Phishing Smishing iPhone Tips

TL;DR

  • The FTC says government imposter scams jumped 40% in 2025, driven mostly by texts claiming you owe a small unpaid toll, with total imposter losses hitting $3.5 billion.
  • Real toll agencies (E-ZPass, SunPass, FasTrak, TxTag) never send unsolicited texts demanding payment; they bill through mail, their app, or their online portal.
  • The link in the text goes to a lookalike domain like “ezpass-pay.com” or “official-sunpass.net” that harvests your card number for resale within hours.
  • If you got one: don’t tap, forward the text to 7726 (which spells SPAM), delete it, and if you actually want to check your toll account, type the agency’s URL yourself.

You got a text. Something like “Your vehicle has an unpaid toll of $6.34. Pay by tomorrow or face a $50 late fee and a vehicle registration hold.” It looks official enough. Maybe you did drive on a toll road last week. Maybe you didn’t, but the link still wants you to “verify.”

Don’t tap it. Here’s what’s going on.

The text is a scam, even if you do owe tolls

Since spring 2024, the FBI’s Internet Crime Complaint Center has logged tens of thousands of complaints about this exact scam. IC3’s public service announcement calls out smishing texts impersonating road toll services across multiple states. The FTC’s May 2026 imposter scams alert reports that government imposter scams rose 40% in 2025 alone, with overdue toll texts named as the main driver. Total imposter losses hit $3.5 billion across more than 1 million reports.

The scam spread fast because the operation is industrial. NBC News traced the kits to a group security researchers call the Smishing Triad, a China-based crew that sells turnkey smishing toolkits on Telegram. New Jersey’s cybersecurity center has identified more than 20,000 second-level domains tied to these SMS campaigns. The same template gets re-themed for E-ZPass on the East Coast, FasTrak in California, SunPass in Florida, TxTag in Texas. The dollar amount stays small on purpose. Six bucks doesn’t feel worth fighting. You just pay it.

Except you’re not paying a toll. You’re handing your card to a stranger.

Why this lands even when you’re paying attention

A few reasons the toll text works on people who normally spot scams.

The amount is small. $1.50 to $12.50 is the sweet spot. Small enough to skip calling your bank about, big enough that a missed toll feels plausible.

You probably did drive on a toll road. If you live anywhere on the East Coast, in Florida, Illinois, Texas, or California, you’ve crossed an E-ZPass or SunPass gantry sometime this year. The story is plausible the second you read it. The scammers don’t know whether you drive on a toll road. They’re sending the same text to millions of numbers and counting on hit rates.

The URL looks close. Not identical. Close. “ezpass-pay.com” or “ezpassny-toll.com” or “sunpass-update.net.” If you’re scrolling fast, the word “ezpass” is what your eye lands on.

The threat is concrete. Vehicle registration suspended. $50 late fee. Real toll authorities do escalate to fees and registration holds eventually, which is what makes the threat sound legitimate. The fake version just compresses the timeline to 24 hours.

How to spot an unpaid toll scam text in 10 seconds

Three checks. Any one of them fails, it’s a scam.

Check 1: Did you opt in to text alerts? Real toll agencies don’t send billing texts to people who didn’t sign up. The FCC’s guidance is explicit on this. E-ZPass, SunPass, FasTrak, and TxTag bill through mail, email, or their app. If you never gave them your phone number, they don’t have it.

Check 2: Does the URL match the real agency exactly? Official toll domains are short and boring:

  • E-ZPass New York: ezpassny.com
  • E-ZPass Maryland: ezpassmd.com
  • SunPass (Florida): sunpass.com
  • FasTrak (Bay Area): bayareafastrak.org
  • TxTag (Texas): txtag.org
  • I-PASS (Illinois): illinoistollway.com

Anything with extra words (“pay,” “toll,” “official,” “balance,” “update”) or odd extensions (.net, .info, .top, .xyz, weird subdomains) is fake. Shortened links (bit.ly, tinyurl) are also fake. Real toll agencies don’t shorten links in billing notices.

Check 3: Does the text address you by name? If you have a real account, they know your name and use it. Scam texts say “Dear customer” or skip the greeting entirely.

What to do if you got one

Don’t tap the link. Don’t reply. Don’t reply STOP either, because replying confirms your number is active and earns you more spam.

Forward the text to 7726. That spells SPAM. It goes to your carrier’s spam team and helps them blocklist the sender for everyone.

Delete the text.

If you genuinely think you might owe tolls, open your browser and type the real agency URL yourself, then log in there. Don’t tap anything from the message.

If you only opened the page but didn’t enter anything, you’re probably fine. Close the tab and watch for follow-up texts over the next 48 hours.

If you entered your card number, call your bank now and ask to freeze the card and issue a new one. The scam operations sell card data within hours, so you want the card dead before that resale happens.

If you entered your name and address, set up a free credit freeze with all three bureaus. It’s free, takes about 15 minutes, and stops anyone from opening new credit in your name.

If you entered a Social Security number, do the credit freeze and also file an identity theft report at IdentityTheft.gov. Save the report. You’ll need it if anything shows up on your credit later.

How to actually stop these texts on iPhone

The hard truth: Apple’s built-in tools were not designed for this kind of attack. Filter Unknown Senders sorts the texts into a different tab but does not delete or block them, and the senders rotate numbers daily so blocking number-by-number is a treadmill. We covered why Filter Unknown Senders isn’t enough here.

What works is content-based filtering. The text changes phone numbers every day, but the words “unpaid toll,” “vehicle registration,” “$6.34,” and the dodgy URL pattern stay the same. A keyword-based SMS filter catches the pattern. A community database of reported senders catches the rest.

That’s what we built Not Today to do. Set keyword rules for “toll,” “unpaid,” “E-ZPass,” and similar terms, and let the community database (currently 85,000+ reported numbers) catch the variants. There’s optional on-device AI detection for the smarter rewrites scammers are starting to try.

The point isn’t the app. The point is the approach. Block on content, not on number. The Smishing Triad has 20,000 domains and millions of throwaway numbers. You can’t outrun their rotation. You can outrun their copy.

One more thing

Toll texts are the loudest story right now, but the same operation runs the same play with USPS package delivery texts, IRS refund texts, and bank fraud alert texts. The setup is identical: small dollar amount, plausible context, lookalike URL, immediate threat. If you learn to spot the toll one in 10 seconds, you’ll spot the others too.


Not Today is a free spam-blocking app for iPhone. We built it to catch spam before it reaches you, using keyword rules, a community database of 85,000+ reported numbers, and optional AI detection. No account required. Download on the App Store.