One of the easiest forms of identity theft come from emails and texts that look so authentic that we panic and reply; which is exactly what the sender wanted you to do.  However, once you entered your information, the damage is done.  The trick is not to fall for these scams.

What you see here is an example of what these text messages look like.  This is a screenshot from a text I received on my phone.  Lets dissect this text to see what makes it so dangerous.

  1. In Florida, we have a toll system that’s called SunPass and a few others.  The way you use it is you attach a transponder to your windshield, and prepay your transponder on the account on SunPass.  When you go through the toll, it will read your transponder and deduct that toll’s charge from your balance.  So with the amount of travel I do throughout Tampa and surrounding counties, I have a SunPass account.  So right out the gate, this is something I actually have so it could be a real problem.  This is technology remember, and technology fails.  When it fails it’s supposed to go off pay by plate.  You will get an invoice in the mail for any tolls that your transponder didn’t pick up, or you had a negative balance. This made me think, did I overlook that invoice and threw it out as junk mail?
  2. The second plausible roll of the dice they threw in this text was the amount due.  $6.00 is a very common amount, unlike saying I have over $400.00 in unpaid tolls.  Tolls that are unpaid, billed by pay by plate invoice can get your license suspended until it’s paid.

With those two situations covered in this text, it’s very plausible this is legit.  Now let’s take a look at things that when carefully examined will prove this is a scam.

  1. SunPass and other Florida Toll Pass systems will text you when your balance is low.  It will not text you if the transponder didn’t work.  That’s the only time the system texts you.  So getting a text is a MAJOR red flag.  All correspondence on outstanding balances will be given through the post office.  They won’t call either.
  2. With that in mind, look at the number the text came from.  It’s not even a phone number, it’s an email address.  Its not a sunpass.org email either, it’s Outlook.  No major company would send this from an Outlook address.  It would come from a telephone number first of all, and the email would be from sunpass.org.  No exceptions.
  3. The verbiage in what will happen if I don’t pay.  IMMEDIATE addition of late payment fees.  Suspension of your registration by the DMV, collection actions, including a negative report to your credit report.  I made bold things that are clearly fraud.  First of all, immediate addition.  No it doesn’t happen like that.  It would be said like, you may incur late payment fees on your account.  Registration, please stop making me laugh.  Your registration does not get suspended,  your driver’s license does.  Collective actions, including a negative report.  This won’t be necessary as your license would be suspended.

The verbiage tells you a few things.  The sender is not from the United States and does not know how we operate and what our laws are when it comes to the government and the DMV.  They use fear factor words.  These words are designed to put fear in your mind so you pay this immediately.

Now let’s discuss the biggest red flag out here.  The payment URL.

The URL they refer you to is: https://sunpass.com-fmw.cc/us.  I made bold the part of the URL that will get your info.  Here is the actual URL you would need to visit to pay your tolls, replenish your money or anything else you need.  https://sunpass.com. See the difference?  the items in bold point to the actual website that will steal your info.  The .cc stands for Creative Commons, which means anyone can use it and adapt it.  By adding it to the end of sunpass.com they can cloak the URL to look like it’s from Sunpass while sending you somewhere else.  When you get to that page it will look just like the Sunpass website.  Please see the two examples, the first one on the left is the real website the other is the website that you will see if you clicked that link in the text.

You will notice in the fake one, it only offers you to do one thing, pay the balance.  You can’t do anything else, you don’t log into the site yet it shows you a balance?  When you click pay tolls, it will take you to a merchant service that will charge you.  You will pay that $6.00 fine that never existed and they will get your private information and credit card info.  Now they will go on a spending spree.

This is why it’s so important to not panic, and look at everything you get by text or email.  A rule of thumb is trust nothing on the internet.  Never click links on these emails and texts and if you are questioning it, call the company direct.  Being proactive, doing due-diligence and looking out for yourself, you can prevent a major headache.  Companies want to know someone is trying to use them to defraud you, so save that text or email and be prepared to send it to them.  Doing this can also prevent someone else from falling a victim to the scheme.