27-06-2025
Philadelphia researcher traces who's sending those annoying scam text messages about unpaid tolls
Whether they mention outstanding toll balances or an unpaid traffic violation, chances are you've received one of those scam text messages demanding payment and threatening fines or worse.
Pennsylvania Attorney General Dave Sunday issued a warning in June about the messages, which purport to be coming from agencies like PennDOT.
State officials say they will never ask for payment over the phone or via text message and advise you to ignore and delete the message.
But Aidan Holland couldn't ignore them. The Philadelphia-based cybersecurity researcher started tracing the texts.
"A lot of family and friends were reaching out to me like, 'What is this thing? What do I do?'" Holland said. "Because it was so widespread, I figured there has to be a way that I can track that down and figure out where it's coming from."
Unpaid toll scam texts traced to China
The texts vary, but the scam is the same. They come from odd emails or out-of-area numbers with urgent warnings that you owe the DMV money for a traffic ticket, parking ticket or unpaid toll. The goal is to get you to click on a link to a bogus site and pay.
"What they really want is your credit card," Holland said. "They either want to use it for money laundering or for reselling your credit card at a higher cost."
Holland is a researcher with Censys, a threat research platform, where he said they scan the entire internet every four hours.
"Every server, every website," he said, which means they can identify the bogus sites linked in the texts as soon as they're created.
Holland said he's uncovered more than 100,000 of these scam sites impersonating government and toll agencies, like E-ZPass. The researcher says many of the sites are hosted on networks in China.
The scam sites linked in the messages typically begin with some variation of a legitimate-looking website, but then end with a less common domain like .win, .xin, or .top — legitimate government websites for departments like PennDOT end in domains like .gov.
Cheap and easy for scammers
Part of what makes the scam so successful, Holland said, is that fraudsters can buy up these domains for very little money.
"They're really cheap, like $3 or $4 domains for the whole year," he said. "So it's really easy to use those for scams. "
The inconsistencies in legitimate toll road collection domains also work to the advantage of scammers, he said.
Apple devices appear to get the bulk of these scam texts, according to Holland, because iMessage accepts email addresses.
Protecting yourself from text messages claiming to be the DMV
Holland said he's working closely with the FBI and local agencies to shut down the sites as soon as possible after they're identified.
E-ZPass and Toll By Plate customers can use approved safe methods to check their accounts, including the official Pennsylvania, New Jersey, or Delaware E-ZPass websites, or the Toll Pay apps available from the Apple App Store or Google Play store.
The FBI and FTC advise that you should never click any links in unexpected texts or reply. Users are also encouraged to forward the messages to 7726 or "SPAM" to report them to their wireless provider, and then delete it. Customers can also report the fraudulent messages to the FBI's Internet Crime Complaint Center at
Do you have a money question, a consumer issue, or a scam story you want to share? Email InYourCorner@
