Another week, another scam, but this one is actually hitting monthly, as cybercrims turn to road tolls to convince you to pay up.
The life of a scammer must be one where every road in life where money is applied is one considered lucrative for ripping people off, and in a recent scam push, that seems to be more than just metaphorical.
Over the past few months, we’ve heard from readers and seen it on our own phones that scammers are putting the con on by pretending to be companies behind the road tolls, in a move that might have you asking, “do I really need to pay a toll?”
The answer is likely to be no, partially because the toll request is coming in not through your physical mail address (snail mail), but rather over SMS on your phone, but let’s break up this scam and work out how you can tell if a road toll scam is legit or not.
What’s going on with Linkt toll scams
In the past few months, Australians have been getting quite a few text messages suggesting they need to pay up on some matter or another, but the topic of road tolls seems to be very popular.
Even though they might subscribe to a telco with spam filters activated, some of these are still getting through and in quite a large number, too. Much like other SMS scams, these messages can look convincing, advising phone owners that they have an unpaid toll and to deal with it immediately.
But even though they may reference a relevant authority, these sites are anything but, with the language and link being the dead giveaway.
For those not entirely aware of what’s happening, text messages are arriving purporting to be from “Linkt”, part of Transurban, an Australian company that manages toll road networks across Australia and the US. If you’re using a toll road in NSW, Victoria, or Queensland, there’s a pretty good chance you’re paying for it through Linkt, and there’s even an app for both platforms to let you see your account, top it up, and check for any notifications.
Unfortunately, scammers have cottoned onto the idea that Linkt could be sending out bills, and worse, they’ve found Linkt has an unprotected sender ID.
What’s a sender ID?
At the top of every text message is the name or phone number of whomever has sent you the message. If you don’t know the contact, it might just be the phone number, and if you do, it’ll be the contact details. But if it’s a company and the text is coming from a digital SMS service, the sender ID may also be a company name, and that’s where things can get interesting.
Online text messaging services will typically lock down some names, particularly the very important ones, so scammers and criminals can’t just nab “Telstra” and use it for convincing messages, even if they can get something close, as we’ve learned before.
In the case of Linkt, it appears they may have found one that hasn’t been locked down yet, and so criminals are using it to send messages purporting to be from the toll road manager.
The language of the Linkt scam is improving
Text scams are reliant on language, and while it can be hit and miss, the scammers are getting better.
This scam has been running for a couple of months now, at least, and while it was originally not fantastic, the text is becoming more convincing. Excess commas and poor language is becoming more direct, as we’ve gone from
"Your highway fee comes to $7.99 dollars, please pay in time."
to something that reads a little better as
"As of Nov 2, 2022, you still have unpaid highway tolls and will be blacklisted, please address this issue promptly"
The first doesn’t make sense — the use of a dollar amount with the word “dollars”, plus “pay in time” isn’t the right phrase, while the new version is close to sounding official.
But of course, it’s anything but official.
How to tell the Linkt texts are a scam
Linkt is pretty quick to point out the number of scams on its site, but there are other ways to determine these messages aren’t real, and one comes from unmasking the link.
We’re not asking you to click on the link — please don’t do that — but rather to run its short link through an unmasking platform, which almost every short link service provides.
In every Linkt SMS scam we’ve seen, criminals are using the Cuttly custom URL shortener, which can hide a link behind a shortened link address. But much like how we can unmask Bitly links to determine if a scammer is using it for nefarious purposes, we can do the same with Cuttly, using Cuttly’s verify form.
To do this, copy the Cuttly link into the form, and hit “Check”. The next page you see should unmask the field, which is very unlikely to match up with the real Linkt website. That should be an indication that the scam is just that: a scam.
What happens if you click on a scam link?
If you do end up clicking on a link, you might get lucky and the URL shortening service might have cut it off. At least two of the links we’ve seen have seen that fate, and the links are now useless, but it’s also possible you could land on a fake version of the real site.
More commonly known as phishing, fake sites are designed to look legitimate, yet don’t house the right functionality. They can look real as a disguise to get you to click and hand over your details, which will likely end up looking like a login system to get you to hand over your email and password, or maybe just a more direct form asking for your credit card details.
In either situation, if you find yourself at one of these, close the web tab or browser window down, and do a search for the real site instead. Scam sites won’t appear above the real thing, and you can rest assured knowing that you’re looking for the legitimate version of whatever the scammer is pretending to be.