Drivers Duped By Spoof Toll Collection Emails

Fake Toll Violation Notice Redirects Users To Apparently-Hijacked Church Website In Ontario

U.S. drivers with and without electronic toll accounts have been receiving emails purporting to represent the E-ZPass electronic toll system. The phishing notices have been sent since at least July 8, 2014, and the emails warn users of an unpaid toll that must be paid. The spoof emails use the E-ZPass logo, but they do not originate with E-ZPass or any other state agency.

The emails read, “You have not paid for driving on a toll road. This invoice is sent repeatedly.” The sentence structure and capitalization of the emails do not follow English grammar rules, even to the point of a blatant error at the start of one sentence. “[P]lease service your debt in the shortest possible time,” the email reads, with an obvious capitalization error at the start of the sentence.

TurnpikeInfo.com has received several queries from website visitors asking if the emails are authentic. The spoof demand for payment is completely fake. Furthermore, it does not originate with E-ZPass or with TurnpikeInfo.com.

A copy of the spoof email being sent to drivers. The link on the email redirects users to a church domain in Canada that has likely been hacked.

Instead, the alleged sending email address is from the domain GlobalOpen.org, using the email [email protected]. The website itself is a blank page, and a review of its source code shows no content of any kind. The domain name is owned by a man named Mobashar Yazdani, according to the Whois database maintained by the sponsoring registrar company, 1and1.com. It is unknown whether the emails are actually being sent from GlobalOpen.org. Mr. Yazdani’s email address is listed as [email protected].

Spoof Toll Collection Link Sends Users To Church Domain In Canada

The email contains a link for users to supposedly download their unpaid toll invoice, but the link actually directs users to a domain in Ontario that is likely hijacked. The directory structure and dynamic data used in the link appear to send users to a temporary directory, with data that may be used by JavaScript, PHP or other server-side code to execute an unknown set of instructions. As a security precaution, we at TurnpikeInfo.com did not follow the link to learn what happens. The master domain is IslandBibleChapel.com, which does have a real website operating. That website is built on a content management platform called Joomla.
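A mail-triage check for the mismatches described above (a sender domain and a link host that do not belong to the claimed brand, and a link into a temporary directory), as an added example that is not from the original article. `BRAND_DOMAINS` holds a placeholder domain, and the sample message is constructed: only the two domain names in it come from the article.

```python
from email import message_from_string
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: domains the toll agency really uses (placeholder value).
BRAND_DOMAINS = {"ezpass.example"}

# Constructed sample: the local part, link path and query string are made up;
# only the two domain names come from the article.
SAMPLE = """\
From: E-ZPass <placeholder@globalopen.org>
Content-Type: text/html; charset="utf-8"

<p>You have not paid for driving on a toll road.</p>
<a href="http://islandbiblechapel.com/tmp/PLACEHOLDER?id=PLACEHOLDER">invoice</a>
"""

class LinkCollector(HTMLParser):
    """Collect the href of every anchor tag in an HTML body."""
    def __init__(self):
        super().__init__()
        self.hrefs = []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.hrefs += [v for k, v in attrs if k == "href" and v]

def under(host, domains):
    """True if host equals, or is a subdomain of, one of the domains."""
    return any(host == d or host.endswith("." + d) for d in domains)

def triage(raw, brand_domains=BRAND_DOMAINS):
    """Return (finding, value) pairs for a message claiming to be the brand."""
    msg = message_from_string(raw)
    sender = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    findings = []
    if not under(sender, brand_domains):
        findings.append(("sender-domain-mismatch", sender))
    collector = LinkCollector()
    for part in msg.walk():  # covers single-part and multipart messages
        if part.get_content_maintype() == "text":
            body = part.get_payload(decode=True) or b""
            collector.feed(body.decode("utf-8", "replace"))
    for href in collector.hrefs:
        url = urlsplit(href)
        if not under(url.hostname or "", brand_domains):
            findings.append(("link-off-brand", url.hostname or ""))
        if {"tmp", "temp"} & set(url.path.lower().split("/")):
            findings.append(("link-temp-directory", url.path))
    return findings
```

Calling `triage(SAMPLE)` returns the findings without ever requesting the link, so the check can run on quarantined mail.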

TurnpikeInfo.com sent an email to the developer of the website, Sault Ste Marie Web Design, in Sault Ste Marie, Ontario, Canada, warning that their client website may have been compromised. At the time of the writing of this article, we had not received a reply.

Toll Violation Notices Are Only Sent Via Postal Mail

If a driver has violated a toll barrier or has a toll invoice to be paid, states’ Departments of Transportation always send the invoice to the address of the registered vehicle using the U.S. Postal Service. Email is never used by state agencies when attempting to collect tolls, either on account or for a violation.

However, even postal mail has fallen victim to scammers in recent months. The state of Florida warned drivers in early April of fake toll collection notices that were being sent to drivers across that state, eventually issuing a media warning and releasing pictures of a real toll notice, so that drivers would know how to spot an authentic invoice.