Apparently my E-ZPass account is in arrears :-/

We get a lot of inquiries from our clients about various suspicious emails that they receive. There is a bit of "skill" in determining what's a legitimate email and what's a scam. Sending email is very inexpensive for spammers and scammers, and email "From:" addresses are readily faked and should not be taken at face value. 

These emails are sent to get you to visit the scammers' website for one or more of the following reasons:

  1. to infect your computer with malware
  2. to collect login information from you

The malware may either spy on you to collect various account login information (e.g., banking) or attempt to extort money from you, either with false "virus removal" services or by encrypting your documents and requiring payment to decrypt them.

Collecting your login information for other sites and services (e.g., Gmail, Dropbox, etc.) allows scammers to use otherwise innocent people's accounts to continue their activities.

Below is a scam email I received recently. I've marked it up to point out the various signs that immediately indicate to me the email is a scam.

  1. The "From:" email address is completely suspect. Would a legitimate company be sending mail from such an address or domain? Seems very unlikely.
  2. Suspicious-sounding English. Remember that much of this activity is perpetrated by people who aren't native English speakers, so bad grammar and unusual diction are often signs that an email is suspicious.
  3. Here's an obvious one: I don't even drive on a toll road that has an "E-ZPass" or uses colors as found in the logo and email.
  4. More bad English. 

Number 5 above is my personal favorite: a website with an incredibly unusual address AND that just happens to use Iran's top-level domain (i.e., .ir) instead of something you'd expect to see, like .com.

The weight of the evidence is very much indicating that this message is a scam.
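Two of the signs above (the "From:" domain and the link's address) can be checked mechanically. The following is an added example, not part of the original post; the expected domain, the sample message and all host names in it are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumption: the domain the claimed sender really uses (placeholder value).
EXPECTED_DOMAIN = "tollagency.example"

# Constructed sample message, not the email discussed in the article.
SAMPLE = """\
From: E-ZPass Agent <support@unrelated-host.example>
To: me@client.example
Subject: Payment for driving on toll road
Content-Type: text/plain

Dear customer, your bill is unpaid. Download the invoice here:
http://placeholder-host.ir/invoice.php?id=123
"""

def in_domain(host, domain):
    """True only for the domain itself or a real subdomain of it."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def phishing_signs(raw, expected_domain):
    """Return a list of mismatches between the message and the expected domain."""
    msg = message_from_string(raw)
    signs = []
    # Sign 1: the From: address is on a domain the claimed sender does not use.
    _display, addr = parseaddr(msg.get("From", ""))
    from_host = addr.rpartition("@")[2]
    if not in_domain(from_host, expected_domain):
        signs.append(f"From domain '{from_host}' is not {expected_domain}")
    # Sign 5: links point at an unrelated host (note its top-level domain).
    parts = [p for p in msg.walk() if p.get_content_maintype() == "text"]
    body = "".join(p.get_payload(decode=True).decode(errors="replace") for p in parts)
    for url in re.findall(r"https?://[^\s\"'<>]+", body):
        host = urlparse(url).hostname or ""
        if not in_domain(host, expected_domain):
            tld = host.rsplit(".", 1)[-1]
            signs.append(f"link host '{host}' (.{tld}) is not {expected_domain}")
    return signs

if __name__ == "__main__":
    for sign in phishing_signs(SAMPLE, EXPECTED_DOMAIN):
        print("-", sign)
```

An empty result is not proof of legitimacy: a "From:" address that matches the expected domain can still be forged, so a mismatch counts as evidence while a match counts for nothing.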

Even if the message appears to come from someone you know or trust, it's not a bad idea to be suspicious in light of how easy it is to falsify a "From:" address.

If you're ever in doubt, we're also here to help. :)