���߲ݴ�ý

People have reported receiving similar messages, where hackers threaten the receiver with fines, vehicle registration suspensions, potential legal action and other consequences. They also instruct the receiver to click a link in the message.

These links lead to a phishing site that mimics the company’s official portal. Once on the spoofed site, customers are asked for their personally identifiable information (PII) and banking details. Cyber criminals harvest these for use in other nefarious activities, including identity theft or financial fraud. Hackers can use the information to make unauthorized credit card purchases, to take out loans or commit tax fraud under the victim’s name.

“407 ETR will never ask for personal information such as passwords, PINs or credit cards through any contact method,” the company shared in a . “Customers are encouraged to log into My Account at or download the 407 ETR mobile app to view their account and pay their bill.”

How to protect yourself

• Be wary of unexpected texts or emails, especially from addresses or numbers you don’t recognize. Don’t click links leading to websites you are not familiar with. These hacker-controlled sites are designed to harvest your information or download malware onto your device.
• When you receive an SMS or call, it’s best to double-check the information with the company through their official website and official customer service numbers. If the text claims to have information about your online account, use a separate browser to log in to your account using their official website or app.
• Threatening language that often mentions fines, suspensions and legal action is a common red flag to spot. This is meant to make victims panic, so they won’t remember to double-check the source or information.
• Always check the source of the message. In most of these scams, the domain name used by the sender in their email won’t match the domain name of the company. In the example below, notice that the sender pretending to be from E-ZPass used an email address with an “icloud.com” domain. Official notifications, especially from major companies, will be sent using a business email that uses the domain name of the company. 

Cyberattacks have become more rampant with the use of AI, which has allowed even hackers without sophisticated technical training to craft phishing texts, emails and websites within minutes. So, expect more of these types of attempts and be vigilant.