A new scam is spreading in France as the summer holidays approach. This scam relies on the automatic license plate recognition (ANPR) system, increasingly used by toll motorways. This system helps to smooth road traffic, which is very often congested during the summer.
Free-flow electronic toll collection, also called barrier-free toll collection, allows motorists to pay without having to stop at the gantries. These are equipped with camerasandsensors that automatically identify the vehicle's license plate. Payment is made later, by direct debit if the driver is a subscriber, or online within a specified timeframe. No need to stop at a barrier to take out your card or wallet. After your visit, you will receive the invoice with the amount to pay. This is particularly the case on the A13, A14, A4, or A79. Hackers will take advantage of the proliferation of free-flow tolls to extract money and personal data from motorists traveling on French highways. The scam also affects travelers from foreign countries, such as Belgium. "Toll scams are a growing scourge" in France. The modus operandi is simple. The scammers will pretend to be companies like Ulys (Vinci Autoroutes), Sanef, or Aliae, French electronic toll brands like Liber-t, Bip&Go, or another company responsible for private highways. In the text message, the hacker uses the companies' communication codes as closely as possible, including the logo. The message claims "that your last toll has not been paid" and that it is necessary "to regularize this situation as soon as possible to avoid being charged a fixed fine.".
To make the payment, the driver is invited to click on a link provided in the message. Unsurprisingly, this link redirects to a fake site that perfectly imitates the interface of the official website of the company whose identity has been stolen. This is where the trap closes. The victim provides their bank details to finalize the payment. These details are collected by the phishing site. They can be resold on dark web black markets or used to make fraudulent withdrawals. In some cases, hackers ask for other sensitive information, such as your driver's license number or your car's license plate.
A "formidable" scam
The scam works particularly well because the target already expects to receive a message or email from the company with an invoice. The victim is therefore even more likely to be unguarded. Moreover, "the trap is particularly formidable because we often check our phones while traveling, a time when our vigilance is reduced," adds Benoit Grunemwald.
In the car, on the road to vacation, we could be inattentive and fall into the trap. Furthermore, the mention of a fine generally pushes individuals to act hastily, without discernment or perspective. As always, hackers seek to instill fear in the minds of their targets. Finally, it should be noted that scammers demand small amounts, usually around €6.80. Many drivers are thus tempted to pay the money for peace of mind.
How to identify toll scams?
To avoid falling into the trap set by cybercriminals, you need to be on the lookout for a series of warning signs. First of all, we recommend you be wary of text messages or emails that begin with a "generic greeting," such as "Dear Customer," instead of your name. However, it is possible that fraudulent messages will use your full name to fool you. There is enough compromised personal data on the web to develop personalized phishing schemes.
This is why you should also be cautious about any threatening messages that seek to make you pay urgently. These messages often raise the spectre of fines, "suspension of your license" or mention "consequences for your credit report" to push you to take out your credit card. You really should be wary of these types of threats, which are based on nothing.
Finally, toll companies remind you that they never send text messages or emails with a link to pay directly online. Please note that only emails from official addresses, such as @ulys.com or @vinci-autoroutes.com, are reliable. If you have the slightest doubt, take the time to contact the company directly through its official website. Type the address into your browser. Do not trust links included in a message received.
If it turns out that you have fallen into a scammer's trap, take quick steps to protect yourself. If you have provided banking information, immediately block your card andinform your bank of the situation. Also consider freezing your credit file to block any account openings from a cybercriminal. The hacker could use the compromised information to open an account without your knowledge. Keep a close eye on your bank statements for irregularities or strange transactions.
0 Comments