TECH GIRL: Beware of E-ZPass phishing scam
About a month ago, I drove from my house in Rancho Cucamonga to a seminar in Laguna Beach.
As most Southern Californians know, taking the 241 toll road can help ease some of the traffic you may encounter when driving to Orange County from the Inland Empire, so this is the route I chose to take. They do not take cash on this route anymore, so if you go through the checkpoint without an electronic payment device in your vehicle, they will send you a bill. You then go online and pay the toll within seven days of receiving the notice.
I have an electronic payment device, but it didn’t beep when I went through the toll checkpoint, so I thought I might see a bill for this trip.
The other day, I got an email from E-ZPass Collection Agency with the subject line, “Indebted for driving on toll road.” I figured this was my bill and I opened it. The email read:
You have not paid for driving on a toll road. This invoice is sent repeatedly,
please service your debt in the shortest possible time. The invoice can be downloaded here.”
Before I clicked on the link to download my invoice, a few things ran through my mind. One, the name E-ZPass doesn’t sound familiar – I’ve always known it as FasTrak or The Toll Roads. Two, how did they get my email? Any records for my vehicle would not be associated with the email address that this message was sent to. Three, the email address that it came from was odd – email@example.com. Four, when I hovered over the link to “view my invoice,” it pointed to an unrecognizable website.
At this point, I was pretty confident that this was a scam. I went to The Toll Roads’ website to confirm my suspicions and they had a notice regarding this email. There was an example of the email I received and they urged anyone who received it not to open or respond to it.
I’m usually able to spot email scams relatively easily, but the crazy part about this one was that I had just used a toll road and was half-expecting a bill.
I was among the small percentage of people that they were hoping to fool.
Emails like these are commonly referred to as phishing scams and are designed to steal money or information.
There are a countless number of them and each one works a little differently, but generally, malicious software is downloaded once the user clicks on links in the email or opens an attachment, giving the cybercriminal access to the computer.
They can be tricky to spot, so here are a few tips to help you avoid the potential downtime, data loss and headaches that they can cause.
-- Type Web addresses directly into your browser. For example, if you get an email claiming to be from Bank of America, open your browser and type bankofamerica.com instead of clicking a link in the email.
-- To verify if the email is regarding a legitimate issue, call the company directly using a phone number that you know is valid. If your email has a phone number in it, do not use that one.
-- If an email contains a link, hover your mouse over it, but do not click. Look at the address that link is going to take you to. If it’s not what you’re expecting to see, don’t click it.
-- Do not open unsolicited emails from shipping providers, financial institutions, etc. or emails from unknown sources.
-- Do not open unexpected attachments.
About Courtney Casey
In an industry dominated by men, Courtney Casey, Director of Marketing for Accent Computer Solutions, Inc., is making her mark on the world of information technology. Courtney has been immersed in the IT field most of her life and has been molded into the tech savvy expert she is today. She began working for Accent while earning her Bachelor's degree from California State University, Long Beach. Known in the Inland Empire as the "Tech Girl," Courtney is a regular columnist for the region's newspaper of record, The Press-Enterprise. Her columns address topical news trends, new technology products, and offer advice on how to embrace technology or avoid common IT pitfalls.