Florida’s toll agencies (SunPass and E-PASS) are facing a phishing scam in which fraudulent text messages impersonate official toll fee notifications, coercing recipients into clicking malicious links under threats of late fees or legal action. The attack harvests sensitive personal data, including credit card numbers, driver’s license details, and Social Security numbers, which is later sold on the dark web for identity theft or further fraud. While no direct financial loss or system breach of the agencies’ infrastructure has been reported, the scam exploits customer trust in government services, risking widespread identity fraud. Victims may suffer long-term consequences such as credit damage, unauthorized account access, or secondary scams. The agencies have launched a public awareness campaign to mitigate risks, but the incident highlights vulnerabilities in public-facing digital communication channels, where impersonation can erode reputation and expose individuals to persistent cyber threats.
TPRM report: https://www.rankiteo.com/company/florida-department-of-transportation
"id": "flo2345523102825",
"linkid": "florida-department-of-transportation",
"type": "Cyber Attack",
"date": "10/2025",
"severity": "60",
"impact": "2",
"explanation": "Attack limited on finance or reputation"
{'affected_entities': [{'customers_affected': 'Florida drivers (SunPass users)',
'industry': 'transportation',
'location': 'Florida, USA',
'name': 'Florida’s Turnpike Enterprise',
'type': 'government agency'},
{'customers_affected': 'Florida drivers (E-PASS users)',
'industry': 'transportation',
'location': 'Central Florida, USA',
'name': 'Central Florida Expressway Authority (CFX)',
'type': 'government agency'},
{'location': 'Florida, USA',
'name': 'SunPass Users',
'type': 'consumers'},
{'location': 'Central Florida, USA',
'name': 'E-PASS Users',
'type': 'consumers'}],
'attack_vector': ['SMS phishing (smishing)', 'malicious links'],
'customer_advisories': ['Do not click links in unsolicited toll-related '
'texts.',
'Delete suspicious messages immediately.',
'Verify accounts only through official websites.'],
'data_breach': {'data_exfiltration': 'yes (data sold on dark web)',
'personally_identifiable_information': 'yes',
'sensitivity_of_data': 'high (identity theft risk)',
'type_of_data_compromised': ['PII (driver’s license numbers, '
'SSNs)',
'payment information (credit '
'card numbers)']},
'description': 'Florida transportation officials (Florida’s Turnpike '
'Enterprise and Central Florida Expressway Authority) have '
'warned drivers about a growing phishing scheme involving '
'fraudulent text messages claiming recipients owe unpaid toll '
'fees. The messages threaten late fees or legal action and '
'prompt users to click a malicious link to enter sensitive '
'personal information (e.g., credit card numbers, driver’s '
'license numbers, Social Security numbers). The stolen data is '
'often sold on the dark web, enabling further identity theft '
'or fraud. Authorities urge users to avoid clicking links, '
'delete suspicious messages, and verify accounts only through '
'official websites (SunPass.com or CFXway.com).',
'impact': {'brand_reputation_impact': ['potential erosion of trust in toll '
'agencies (SunPass, E-PASS)'],
'data_compromised': ['driver’s license numbers',
'credit card numbers',
'Social Security numbers',
'personal identifiable information (PII)'],
'identity_theft_risk': 'high (stolen PII sold on dark web for '
'further scams)',
'payment_information_risk': 'high (credit card numbers targeted)'},
'initial_access_broker': {'data_sold_on_dark_web': 'yes (e.g., bulk trades of '
'Florida driver’s license '
'numbers)',
'entry_point': 'SMS phishing (smishing) links',
'high_value_targets': ['PII (driver’s license '
'numbers, SSNs)',
'payment data']},
'investigation_status': 'ongoing (public awareness phase)',
'lessons_learned': ['Phishing scams exploit trust in authoritative entities '
'(e.g., toll agencies).',
'Public awareness campaigns are critical to mitigating '
'human-targeted attacks.',
'Dark web markets facilitate the trade of stolen PII for '
'further criminal activity.'],
'motivation': ['financial gain', 'data theft', 'identity fraud'],
'post_incident_analysis': {'corrective_actions': ['Public education campaigns '
"(e.g., 'Stop. Think. Don’t "
"Click That Link.').",
'Enhanced reporting '
'mechanisms for fraudulent '
'messages.',
'Collaboration between toll '
'agencies to standardize '
'fraud warnings.'],
'root_causes': ['Lack of user awareness about '
'smishing tactics.',
'Trust in authoritative messaging '
'(e.g., toll agencies).',
'Absence of multi-factor '
'authentication for toll account '
'verification via SMS.']},
'recommendations': ['Never click links in unsolicited messages; verify '
'accounts via official channels.',
'Monitor toll accounts directly through SunPass.com or '
'CFXway.com.',
'Report scams to SunPass, E-PASS, or the Florida Attorney '
'General’s Office.',
'Educate users on recognizing smishing (SMS phishing) '
'tactics.'],
'references': [{'source': 'News report (Orlando, FL)'},
{'source': 'SunPass Official Website',
'url': 'https://www.SunPass.com'},
{'source': 'CFXway Official Website',
'url': 'https://www.CFXway.com'}],
'response': {'communication_strategy': ['media outreach (e.g., news coverage '
'in Orlando, FL)',
'official website warnings',
'collaboration between Florida’s '
'Turnpike Enterprise and CFX'],
'containment_measures': ['public advisories to delete suspicious '
'messages',
'directing users to official websites '
'(SunPass.com, CFXway.com)'],
'incident_response_plan_activated': 'public awareness campaign '
"('Stop. Think. Don’t Click "
"That Link.')",
'remediation_measures': ['reporting mechanism via SunPass, '
'E-PASS, or Florida Attorney General’s '
'Office']},
'stakeholder_advisories': ['Florida’s Turnpike Enterprise',
'Central Florida Expressway Authority (CFX)',
'Florida Attorney General’s Office'],
'title': 'Phishing Scam Targeting Florida Toll Road Users via Fraudulent Text '
'Messages',
'type': ['phishing', 'social engineering', 'identity theft', 'fraud'],
'vulnerability_exploited': 'human trust in authoritative messages (e.g., toll '
'agencies)'}