These fake emails labeled as attempts to collect unpaid EZPass bills are sweeping the land. I received one yesterday. Needless to say, do not click on the link if you get one. Best to not even open the email.
The phishing emails, asking you to click on an infected link, are coming from compromised WordPress installations and started going out in bunches on July 8, according to a consortium of real EZPass agencies in 15 states. "We advise you not to open or respond to such a message should you receive one," the group warns.
They come in several flavors, all with the same clunky wording — and lack of specifics — as giveaways.
In order to help detect the scam quicker, E-ZPass singled out the subject lines of "In arrears for driving on toll road" and "Payment for driving on toll road" as recent examples. In his research, Warner also discovered "Indebtedness for driving on toll road" and "Pay for driving on toll road"....
It's likely the criminals behind the Phishing scheme are sending the emails blindly, waiting to see who falls for the bait. This theory is also backed by the fact that some of those targeted in the Phishing attack are not E-ZPass customers.
"Phishing scams are pervasive and users should always be on the lookout for unexpected communications from organizations they have relationships with," said Chester Wisniewski, Senior Security Advisor for Sophos, when asked his thoughts on the scam.
"It can be tempting to click before you think, but important messages are not typically sent via email. The safest thing to do is go directly to the web site of the organization or pick up the phone if you are unsure."