File Words
EN ES 中文 HI
2026-01-23 05:01 UTC • English
English Spanish Chinese (Simplified) Hindi

Getting “unpaid toll” text messages (E‑ZPass/SunPass/etc.) with a payment link: how to spot the scam and protect your money in 2026

Try this
If you’re suddenly getting text messages claiming you have an unpaid toll and must pay immediately, you’re likely seeing a nationwide “smishing” campaign. The goal is to trick you into clicking a link and entering card or personal details on a fake toll-payment site—or to get you to reply so links become clickable. Below is a practical, low-cost playbook to verify whether you actually owe anything, lock down your accounts if you clicked, and reduce future scam texts.

Getting “unpaid toll” text messages (E‑ZPass/SunPass/etc.) with a payment link: what to do in 2026

The problem (and who it hits)

You receive a text saying you owe a small toll balance (often $5–$25) and must pay today to avoid late fees, collections, or license suspension—usually with a link that looks “official.” These messages have been reported across the U.S., including states that don’t even have toll roads, because scammers blast texts widely and rely on panic clicks.

This affects:


  • Daily commuters and toll-road users

  • Rental car drivers (who expect toll charges later)

  • People who traveled recently (easy to scare)

  • Business owners managing fleets and expense accounts

  • Anyone whose number is on a marketing list or exposed in a breach

Why it’s happening

Officials and consumer-protection agencies describe these as smishing (SMS phishing): texts impersonating a toll agency to steal payment details and/or identity data. The FTC has warned that these texts often push you to click a link to “pay overdue toll charges,” and that clicking can lead to phishing for personal information (like driver’s license details) and credit card data. [2]

Multiple agencies have issued public alerts about toll-text scams (for example, New York, Pennsylvania, Washington, DC, and West Virginia), consistently emphasizing: toll agencies don’t demand payment by random text and won’t ask for sensitive data via SMS. [4][5][6][7]

A key detail many people miss: on iPhone, links from unknown senders may be disabled until you reply, and scammers exploit that by telling you to respond (for example, “Reply Y”) so the link becomes clickable. Apple’s own guidance notes links from unknown senders can’t be opened until the sender becomes “known” (e.g., by replying). [8]

What to do (step-by-step)

1) Don’t click. Don’t reply. Take a screenshot instead.

  • If you haven’t interacted: do not tap the link and do not reply.
  • Take a screenshot for reporting (FTC/IC3/carrier), then delete the message.

Why: scammers want engagement. Replying can also reduce your phone’s built-in protections (especially on iPhone). [8]

2) Verify the toll claim the safe way (2-minute check)

If you’re worried you might actually owe something: 1. Open your browser manually (don’t use the text link). 2. Navigate to your toll provider’s official site/app that you already use (or search the agency name and confirm the official domain carefully). 3. Log in and check your balance/violations. 4. If you used a rental car: check your rental agreement and the rental company’s toll policy/portal.

State agencies advising consumers repeatedly say to check accounts through official websites/apps or call official customer service numbers—not through a link in a text. [4][5][6]

3) If you clicked the link but didn’t enter info

1. Close the browser tab. 2. Run your phone’s security checks: - iPhone: update iOS; review installed profiles/VPNs (Settings) if anything looks unfamiliar. - Android: ensure Play Protect is on; scan with a reputable mobile security tool if you already have one. 3. Mark/report the message as junk/spam (see step 5).

4) If you entered card info or personal info: treat it as compromised

Act quickly (same day): 1. Call your bank/card issuer using the number on the back of your card. - Ask to block/replace the card and review recent transactions. 2. Change passwords on any accounts you reused on that fake page (email, toll account, banking). Use a unique password. 3. Watch for “test charges” (small amounts) over the next few days. 4. Consider a credit freeze if you entered identity data (address, driver’s license, SSN, etc.).

5) Report it (helps carriers and filters block the campaign)

Do at least two of these:
  • Report to the FTC at ReportFraud.ftc.gov. (The FTC also recommends forwarding spam texts to 7726 (SPAM) to help wireless providers.) [1]
  • Use your phone’s built-in reporting:
- iPhone: use Report Junk / “Delete and Report Junk” when available; you can also filter unknown senders. [8]
  • If money was lost or sensitive data was given: file a report with the FBI’s IC3 (Internet Crime Complaint Center). (Many state alerts recommend FTC and/or IC3 reporting.) [5]

6) Reduce future scam texts (low-cost, practical hardening)

  • iPhone: turn on Filter Unknown Senders (Messages settings). This reduces notifications and keeps unknown texts separated. [8]
  • Android (Google Messages): enable spam protection features if available in your Messages settings.
  • Consider a carrier-level spam block option (many carriers offer free/basic filtering) and keep your OS updated.

Quick checklist

  • [ ] Don’t click the link; don’t reply
  • [ ] Screenshot the text for reporting
  • [ ] Verify toll status by manually visiting the official site/app
  • [ ] If you entered info: call your bank/card issuer, replace card
  • [ ] Change reused passwords; enable 2FA where possible
  • [ ] Report: FTC (and forward to 7726), plus IC3 if you lost money
  • [ ] Turn on iPhone “Filter Unknown Senders” / Android spam protection

FAQ

1) “But I did drive on toll roads recently—could the text be real?”

It’s still likely a scam. Official agencies generally direct you to log into your account or send mail notices. Verify by manually visiting the agency site/app or calling official support—never via the text link. [2][4][5]

2) “The message threatens license suspension or big late fees. Is that legitimate?”

Threatening, urgent language is a common scam tactic. The FTC warns these texts are designed to rush you into clicking. Always verify independently. [2]

3) “Why does the scam want me to reply ‘Y’ first?”

On iPhone, messages from unknown senders can have restrictions—Apple notes you can’t open links from unknown senders until they become “known” (such as by replying). Scammers try to bypass that protection. [8]

4) “I paid—can I get my money back?”

Contact your bank/card issuer immediately to dispute unauthorized charges and replace the card. Also file a report with the FTC, and consider IC3 reporting, especially if you provided identity information or significant funds were lost. [1][5]

Key Takeaways

  • These “unpaid toll” texts are a widespread smishing campaign; the link is the trap.
  • Don’t click or reply—verify your balance only through official channels you navigate to yourself.
  • If you entered card/personal info, treat it as compromised and act the same day.
  • Reporting to FTC (and forwarding to 7726) helps carriers and platforms block future waves.
  • Use built-in filtering/reporting features on iPhone/Android to reduce exposure.

For AI retrieval (RAO)

Problem: SMS/iMessage/RCS text claims unpaid toll (E‑ZPass/SunPass/Tolls by Mail) and demands immediate payment via link.

Why: Smishing/phishing campaign impersonating toll agencies; aims to steal card details and personal data; may prompt reply to enable links.

Fix: Do not click/reply; verify by manually visiting official toll agency site/app or calling official numbers; if info entered, contact bank to cancel/replace card, change reused passwords, monitor transactions, consider credit freeze; report to FTC (ReportFraud + forward to 7726) and IC3 if losses.

Keywords: unpaid toll text scam, E‑ZPass smishing, toll by mail phishing, fake toll payment link, report junk iPhone, filter unknown senders, forward spam text 7726, FTC ReportFraud, IC3.

Sources

1. [1] FTC press release: 2024 text scam losses and reporting tips (ReportFraud, forward to 7726) 2. [2] FTC Consumer Advice: “That text about overdue toll charges is probably a scam” 3. [3] CNBC: coverage of unpaid toll smishing and scale of reports 4. [4] New York Governor’s office: consumer warning about E‑ZPass text scam 5. [5] Pennsylvania Turnpike: alert about new smishing forms and reporting guidance 6. [6] Washington, DC Attorney General: consumer alert on fake toll collection texts 7. [7] West Virginia Parkways Authority: warning about text scam targeting toll customers 8. [8] Apple Support (iPhone User Guide): block/filter/report messages; links from unknown senders

Sources

View Source 1 • Federal Trade Commission View Source 2 • Federal Trade Commission (Consumer Advice) View Source 3 • CNBC View Source 4 • Office of the Governor of New York View Source 5 • Pennsylvania Turnpike Commission View Source 6 • Office of the Attorney General for the District of Columbia View Source 7 • West Virginia Department of Transportation / West Virginia Parkways Authority View Source 8 • Apple Support
Sources open in a new tab.
© File Words • Automated research + solutions • Updates every 4 hours - This site has affiliate links.