I recently received an e-mail that appeared to come from EZ Pass New York, warning that I had outstanding unpaid tolls and that repeated failed efforts to get me to pay up would result not only in termination of my account, but also get me in hot water with the state Department of Motor Vehicles. Serious stuff.
Most of the time, I instinctively hit the delete button, but because the e-mail appeared so official-looking—down to the purple logo and the appropriate fonts—that I opened the message, but stopped short of clicking on the attached “invoice” to download it to my desktop. That was a red flag. So, too, was the peculiar wording of the subject line: “In arrears for driving on toll road.” Who talks like that?
Of course, it turned out to be a phishing ploy to plant a virus in my computer via the download, which would expose my personal information to ID thieves.
I subsequently learned that the scam was fairly widespread. EZ Pass posted an alert on its website, and the Better Business Bureau acknowledged it, too. Scammers are getting quite good at creating knockoff logos and documents of legitimate companies, so you need to be extra wary.
It's not just the EZ Pass scam you need to know about. Read our story on impersonation scams to find out about others that are happening right now.
For more Consumer Reports tips on avoiding phishing scams, click here.
Here’s how to spot a phishing e-mail, courtesy of the BBB.
• Beware of look-alike URLs, particularly those that have the brand name as a subdomain of another URL, for example, "ezpass.scamwebsite.com," or those that are part of a longer URL like "ezpasspayyourtolls.com."
• Hover over URLs in e-mails to reveal their true destination. Scammers can make links appear to lead to a legitimate website, when they really point to a scam site, like those mentioned above.
• Don't open attachments from unfamiliar sources. Legitimate businesses rarely send unsolicited e-mails with attachments.
• Confirm an e-mail is real by contacting the business before downloading anything. In the case of EZ Pass New York, the instructions were to call the customer service center.
• Consider how the business normally reaches you. Most businesses send invoices by US Postal Service. And if they contact you by e-mail, they don’t instruct you to download an attachment, but rather log into your secure account.
—Tod Marks
Consumer Reports has no relationship with any advertisers or sponsors on this website. Copyright © 2006-2014 Consumers Union of U.S.