Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

For the uninitiated, or anyone who lives in a country where taxes are paid as normal and therefore pay for appropriate road repairs, E-ZPass is a small device drivers in more than a dozen countries in the U.S. can register for so they can automatically pay tolls along highways rather than having to stop and use cash or coins, or spending a few extra minutes manually processing a transaction.
For this case with New Jersey, the phishing site the scammers set up was shockingly convincing and looked remarkably similar to the legitimate New Jersey E-ZPass website.
Once we logged into our legitimate E-ZPass account to check to make sure we had paid all the appropriate tolls, I alerted my team about this scam, and we appropriately blocked the phishing URL in question in Cisco Secure products.
Drivers from New York to Georgia and Pennsylvania have received these types of texts with equally convincing phishing text messages and lure pages.
In April, the FBI also warned of SMS phishing scams, in which adversaries pretended to be toll collection services from three different U.S. states.
SunPass, the equivalent to E-ZPass in Florida, also alerted about similar scams around the same time as these E-ZPass scams started being reported.
My hunch is that these types of services are being impersonated all over the U.S. for several reasons - thousands of drivers use these services, which makes it likely that whoever receives the text will be familiar with these devices and will have recently driven on a highway that makes drivers pay tolls.
The requests coming through as SMS messages also make the targets more likely to open them on their mobile devices, which may not have the same security in place as a laptop or managed company device.
No individual state or local agency is immune from this style of scam, so if you're ever in doubt of receiving a text like this, it's best to call your area government program in question and ask them about any suspicious activity before clicking on any links or submitting payment information.
Cisco Talos' Vulnerability Research team has helped to disclose and patch more than 20 vulnerabilities over the past three weeks, including two in the popular Adobe Acrobat Reader software.
Acrobat, one of the most popular PDF readers currently available, contains two out-of-bounds read vulnerabilities that could lead to the exposure of sensitive contents of arbitrary memory in the application.
We have more detailed information in our full Vulnerability Roundup from this week.
Several vulnerabilities were identified in the AutomationDirect P3 line of CPU modules.
The device communicates remotely via ethernet, serial and USB and exposes a variety of control services, including MQTT, Modbus, ENIP and the engineering workstation protocol DirectNET. Four of the vulnerabilities found in these PLC CPU modules received a CVSS security score of 9.8 out of 10, making them particularly notable.
TALOS-2024-1942 is a leftover debug code vulnerability that allow an adversary who can communicate to the device over ModbusRTU to enable the device's diagnostic interface without any other knowledge of the target device.
There is also TALOS-2024-1943 which can lead to remote code execution if the attacker sends a specially crafted file to the targeted device and TALOS-2024-1939 which are stack-based buffer overflows that can also lead to remote code execution if the attacker sends a specially formatted packet to the device.
Each of the vendors mentioned in this week's Vulnerability Roundup have released patches for affected products, and users should download these patches as soon as possible.
For Snort coverage that can detect the exploitation of these vulnerabilities, download the latest rule sets from Snort.org, and our latest Vulnerability Advisories are always posted on Talos Intelligence's website.
Just days before the disruption, reports surfaced that the software was quietly installed on computers that handled the check-in process at least three Wyndham hotels across the U.S. A vulnerability in the platform could have allowed anyone on the internet who exploits it can download screenshots captured by the software directly from its servers.
PcTattletale advertised itself as software that could allow anyone to control it remotely and view the target's Android or Windows devices and their data from anywhere in the world.


This Cyber News was published on blog.talosintelligence.com. Publication date: Thu, 30 May 2024 18:13:05 +0000


Cyber News related to Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks

Beware of $5 SMS Phishing Attack Targeting Toll Road Users - A widespread and ongoing SMS phishing (smishing) campaign targeting toll road users across the United States has been identified, posing a significant threat to motorists’ financial security. Since mid-October 2024, cybercriminals have been ...
1 month ago Cybersecuritynews.com
Beware of Fake Unpaid Toll Message Attack to Steal Login Credentials - Security analysts note that these toll scam campaigns achieve approximately 5% success rates – substantially higher than traditional email phishing attacks – demonstrating the effectiveness of this multi-stage approach that combines SMS messaging ...
1 month ago Cybersecuritynews.com
Spear Phishing vs Phishing: What Are The Main Differences? - Almost half of them used phishing to obtain the passwords of users. Highly targeted phishing campaigns against specific individuals or types of individuals are known as spear phishing. It's important to be able to spot phishing in general. For ...
1 year ago Techrepublic.com
9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com
Attackers are impersonating a road toll payment processor across the U.S. in phishing attacks - For the uninitiated, or anyone who lives in a country where taxes are paid as normal and therefore pay for appropriate road repairs, E-ZPass is a small device drivers in more than a dozen countries in the U.S. can register for so they can ...
1 year ago Blog.talosintelligence.com
What SOCs Need to Know About Water Dybbuk - According to the Federal Bureau of Investigation, BEC costs victims more money than ransomware, with an estimated US$2.4 billion being lost to BEC in the US in 2021. Recently, BEC scammers have been using stolen accounts from legitimate Simple Mail ...
2 years ago Trendmicro.com
Arrests in Tap-to-Pay Scheme Powered by Phishing – Krebs on Security - Asked for specifics about the mobile devices seized from the suspects, Lyon said “tap-to-pay fraud involves a group utilizing Android phones to conduct Apple Pay transactions utilizing stolen or compromised credit/debit card information,” ...
2 months ago Krebsonsecurity.com
Flipping the BEC funnel: Phishing in the age of GenAI - For years, phishing was just a numbers game: A malicious actor would slap together an extremely generic email and fire it out to thousands of recipients in the hope that a few might take the bait. Common among these new techniques was a shift towards ...
1 year ago Helpnetsecurity.com
Combat Phishing Attacks With AI-Powered Threat Protection - According to statistics, 81% of organizations have seen an increase in phishing emails since 2020, with an estimated 3.4 billion emails sent every day. AI-generated phishing emails are a sophisticated and evolving cybersecurity threat. ...
1 year ago Gbhackers.com
Phishing Campaign Exploits Open Redirection Vulnerability In 'Indeed.com' - Phishing remains one of the most prevalent challenges facing organisations, with more than three billion malicious emails estimated to be sent around the world every day. Owing to the prevalence of the problem, Verizon's 2023 Data Breach ...
1 year ago Cyberdefensemagazine.com
Spotting Phishing Attacks with Image Verification Techniques - Phishing refers to the tactic used by scammers who impersonate reputable brands and lure victims to click on suspicious links so that they can breach the privacy and sensitive data of individuals. You can call image-based phishing a relatively ...
1 month ago Cybersecuritynews.com
AI-Powered Phishing Detection - Does It Actually Work? - Unlike traditional methods that rely on identifying known threats, AI-powered systems analyze patterns and behaviors to detect anomalies indicative of phishing attempts. The rise of artificial intelligence (AI) has brought new hope to combating these ...
1 month ago Cybersecuritynews.com
Threat Actors Leveraging Toll Payment Services in Massive Hacking Attack - The attackers have demonstrated remarkable sophistication in their ability to spoof official toll service communications, making it exceptionally difficult for average consumers to distinguish between legitimate messages and fraudulent ones. At the ...
1 month ago Cybersecuritynews.com
CTM360 Tracks Global Surge in SMS-Based Reward and Toll Scams - PointyPhish – Sends fake SMS alerts about expiring reward points to banking, airline, and retail store customers, leading to phishing pages that steal full credit/debit card details. CTM360 detected thousands of these phishing sites across ...
1 month ago Bleepingcomputer.com
The Future of Phishing Email Training for Employees in Cybersecurity - One common method they use is through phishing emails. To counter this changing threat, companies must give importance to providing phishing email training for employees on identifying and responding properly to phishing attempts. Standard training ...
1 year ago Hackread.com
CoGUI phishing platform sent 580 million emails to steal credentials - The messages include a URL that redirects to a phishing website hosted on the CoGUI phishing platform, but the link only resolves if the target meets specific criteria pre-defined by the attackers. A new phishing kit named 'CoGUI' sent over 580 ...
3 weeks ago Bleepingcomputer.com
Phishing platform 'Lucid' behind wave of iOS, Android SMS attacks - Victims clicking on the phishing links are redirected to fake landing pages impersonating state government toll and parking agencies or private entities, such as USPS, DHL, Royal Mail, FedEx, Revolut, Amazon, American Express, HSBC, E-ZPass, ...
2 months ago Bleepingcomputer.com
Phishing kits now vet victims in real-time before stealing credentials - Even if they were allowed to use the real target's address, the analysts comment that some campaigns go a step further, sending a validation code or link to the victim's inbox after they enter a valid email on the phishing page. However, with this ...
1 month ago Bleepingcomputer.com
Vade Releases 2023 Phishers' Favorites Report - PRESS RELEASE. SAN FRANCISCO, Feb. 15, 2024 /PRNewswire/ - Vade, a global leader in threat detection and response with more than 1.4 billion mailboxes protected, today announced its annual Phishers' Favorites report for 2023. Phishers' Favorites ...
1 year ago Darkreading.com
Why Phishing Remains the #1 Cyber Threat and How to Stop It - Unlike many cyber threats that rely solely on technical vulnerabilities, phishing exploits natural human tendencies such as trust, urgency, and curiosity. Additionally, adopting zero-trust security frameworks, which require continuous verification of ...
1 month ago Cybersecuritynews.com
FBI Warns of Massive Toll Services Smishing Scam - The FBI has warned of a prolific new smishing campaign using road toll collection as a pretext to trick victims into handing over their personal information and money. A new Public Service Announcement claimed that the campaign has been ongoing since ...
1 year ago Infosecurity-magazine.com
How Kasada Counters Toll Fraud and Fake Account Creation for Enterprises - Toll fraud and fake account creation are two advanced threats that bad actors employ for massive profit. Fake Account Creation is committed by a wide range of attackers, through automating the generation of new user accounts en masse, which then get ...
1 year ago Securityboulevard.com
Don't phish for deals this holiday season - This season is also a prime opportunity for attackers seeking to capitalize on unsuspecting individuals, employing identity-based cyberattacks such as phishing to compromise users' credentials and take control of their accounts. While education on ...
1 year ago Securityboulevard.com
To tap or not to tap: Are NFC payments safer? - These cards required insertion into payment terminals and authentication with a PIN, marking a shift toward more secure transaction methods. These cards were still susceptible to cloning or information theft, though perpetrating such crimes was more ...
1 year ago Welivesecurity.com
One Phish, Two Phish, Red Phish, Blue Phish - I sat down for a chat with George Skouroupathis, our phishing expert at Resonance Security. Phishing is often the first step taken by hackers in a larger scam. There are lots of different kinds of phishing attacks, but one of the most prevalent is ...
1 year ago Hackread.com