Connecticut Better Business Bureau is alerting E-Z Pass holders to a scam involving a phony email that appears to come from that company.
The email sports the E-Z Pass colors and logo and appears to be about collecting money for an unpaid toll. The message says you have ignored previous bills and urges you to pay immediately, by downloading an attached “invoice.”
(See example in PDF format at epi.bbb.org/Global/Wallingford_CT_29/Documents/E-ZPass.pdf/).
You download the attachment, but nothing seems to happen. Unfortunately, in doing so, you have downloaded a virus that scan your machine for personal and banking information, exposing you up to the threat of ID theft.
As the con evolves, scammers might change to phishing phone calls or link to a compromised or fraudulent third party website instead of sending an email attachment.
How to Spot a Phishing Email:
Watch for lookalike URLs — Be wary of sites that have the brand name as a subdomain of another URL (i.e. “ezpass.scamwebsite(dot)com”) or part of a longer URL (i.e. “ezpasspayyourtolls(dot)com.”)
Hover over URLs in emails to reveal their true destination — Scammers can make links appear to lead to a legitimate website, when in fact they really point to a scam site, illustrated by the examples above. Don’t click the link — just hover your mouse over it to reveal the link’s real destination.
Don’t open attachments from unfamiliar sources — Legitimate businesses rarely send unsolicited emails with attachments. Always confirm whether an email is real before you download an attachment or click on a link.
Consider how the business normally reaches you — Most businesses send invoices by postal service, in the body of an email (no attachment) or by asking you to log into your secure account.
Contact the business — When in doubt, call the business’s customer support line to check the legitimacy of the email. Be sure to find the phone number on your bill or by a web search — not the email or website the scammers provided