← Back to Pulse Feed
PULSE DETAIL
PULSE NAME
"Don't feed the toll troll": New threat actor (IMP-1G) engaging in SMS phishing activities, targeting US and Canadian public services. 100+ IOFA domains discovered, with only 10% known to authorities.
A new threat actor, designated as IMP-1G, has been discovered engaging in SMS phishing activities targeting US and Canadian public services. The campaign focuses on toll roads, mass transit systems, postal services, court payments, municipal payments, and state-owned utility companies across multiple states and provinces. Over 100 Indicator of Future Attack (IOFA) domains have been identified, with only 10% known to authorities. The phishing domains impersonate government payment portals to steal credit card information and personal data. The threat actor also targets financial institutions and cryptocurrency users with similar tactics. Law enforcement agencies have seized some domains, but the majority remain active.
MITRE ATT&CK & Malware Families
| TYPE | INDICATOR | DESCRIPTION | CREATED | |
|---|---|---|---|---|
| domain | a25-bridgepayment.com | — | 2024-10-11 | |
| domain | alberta-accounts.com | — | 2024-10-11 | |
| domain | alberta-infractions.com | — | 2024-10-11 | |
| domain | alberta-traffictickets.com | — | 2024-10-11 | |
| domain | bayareafastrak-fees.com | — | 2024-10-11 | |
| domain | bayareafastrakexpresslane.com | — | 2024-10-11 | |
| domain | bayareafastrakinvoice.com | — | 2024-10-11 | |
| domain | bayareafastrakinvoices.com | — | 2024-10-11 | |
| domain | bayareafastrakstolls.com | — | 2024-10-11 | |
| domain | bayareasf-fastrak.com | — | 2024-10-11 | |
| domain | bc-fine.com | — | 2024-10-11 | |
| domain | bc-infractions.com | — | 2024-10-11 | |
| domain | bcpay-accounts.com | — | 2024-10-11 | |
| domain | bcpay-infraction.com | — | 2024-10-11 | |
| domain | canadapost-packagecenter.com | — | 2024-10-11 | |
| domain | depositetransfercanada.com | — | 2024-10-11 | |
| domain | drive-ks.org | — | 2024-10-11 | |
| domain | epcor-account.com | — | 2024-10-11 | |
| domain | expresstollinvoice.com | — | 2024-10-11 | |
| domain | ezdrivemas.com | — | 2024-10-11 | |
| domain | ezdrivematoll.com | — | 2024-10-11 | |
| domain | ezdrivematolls.com | — | 2024-10-11 | |
| domain | fastrak-payment.com | — | 2024-10-11 | |
| domain | floridasunpassinvoice.com | — | 2024-10-11 | |
| domain | flpayheresunpass.com | — | 2024-10-11 | |
| domain | flsunpasspayhere.com | — | 2024-10-11 | |
| domain | gapeachpasstolls.com | — | 2024-10-11 | |
| domain | illinoistollwayinvoice.com | — | 2024-10-11 | |
| domain | indianatollroads.com | — | 2024-10-11 | |
| domain | invoicesezdrivematolls.com | — | 2024-10-11 | |
| domain | inx-132244.shop | — | 2024-10-11 | |
| domain | mygoodtogoinvoice.com | — | 2024-10-11 | |
| domain | mysunpassinvoices.com | — | 2024-10-11 | |
| domain | mysunpasstollsinvoices.com | — | 2024-10-11 | |
| domain | ncquickpassinvoice.com | — | 2024-10-11 | |
| domain | nycitypay.com | — | 2024-10-11 | |
| domain | nycitypayinvoice.com | — | 2024-10-11 | |
| domain | nycitypaynotice.com | — | 2024-10-11 | |
| domain | nycitypayparking.com | — | 2024-10-11 | |
| domain | oh-lanes.com | — | 2024-10-11 | |
| domain | ohioturnpiketolls.org | — | 2024-10-11 | |
| domain | ontario-courtspayment.com | — | 2024-10-11 | |
| domain | ontariocanadacourt.com | — | 2024-10-11 | |
| domain | ontariocourts-setfines-ca.com | — | 2024-10-11 | |
| domain | ontariocourts-webpayment.com | — | 2024-10-11 | |
| domain | ontariowebcourt-ca.com | — | 2024-10-11 | |
| domain | paturnpikeinvoices.com | — | 2024-10-11 | |
| domain | paturnpikestolls.com | — | 2024-10-11 | |
| domain | paturnpiketollsinvoices.com | — | 2024-10-11 | |
| domain | paybc-account.com | — | 2024-10-11 | |
| domain | paybc-fine.com | — | 2024-10-11 | |
| domain | paybc-infraction.com | — | 2024-10-11 | |
| domain | peachpasstolls.com | — | 2024-10-11 | |
| domain | peachpasstollservices.com | — | 2024-10-11 | |
| domain | revenuecanadadeposit.com | — | 2024-10-11 | |
| domain | rmatollservices.com | — | 2024-10-11 | |
| domain | service-courtus.com | — | 2024-10-11 | |
| domain | services-ledger-hardware.com | — | 2024-10-11 | |
| domain | southernconnectortolls.com | — | 2024-10-11 | |
| domain | sunpassinvoice.com | — | 2024-10-11 | |
| domain | sunpassinvoices.com | — | 2024-10-11 | |
| domain | sunpassinvoicestolls.com | — | 2024-10-11 | |
| domain | sunpasstollcheckout.com | — | 2024-10-11 | |
| domain | sunpasstollinvoices.com | — | 2024-10-11 | |
| domain | sunpasstollsbill.com | — | 2024-10-11 | |
| domain | support-theta-token.com | — | 2024-10-11 | |
| domain | tennessetollinvoices.com | — | 2024-10-11 | |
| domain | texasrmatoll.com | — | 2024-10-11 | |
| domain | tollbymailsnyinvoice.com | — | 2024-10-11 | |
| domain | tollon407-etr.com | — | 2024-10-11 | |
| domain | tollsbymailnyinvoice.com | — | 2024-10-11 | |
| domain | tollsbymailsinvoices.com | — | 2024-10-11 | |
| domain | tollservicesma.com | — | 2024-10-11 | |
| domain | us-courtweb.com | — | 2024-10-11 | |
| domain | uscourt-ticket.com | — | 2024-10-11 | |
| domain | uspsmailupdate.com | — | 2024-10-11 |
References (1)