Chase the coins
Scammers are targeting drivers on postpaid toll roads such as the Central Ring Road (TsKAD) in the Moscow region. This information came to light through communications with a security company, Zecurion.
Some time after a trip, drivers receive a notification about a supposed debt for it, along with instructions to pay to avoid a fine. For convenience, scammers offer a payment link sent by email or messaging apps. When the victim clicks, they are led to a counterfeit site that imitates the official operator portal, and they end up losing money, according to Zecurion analyst Maria Efremova.
All drivers who use toll roads are potentially at risk, Efremova warned, especially those traveling the Central Ring Road. The threat extends to truck drivers transporting goods and seasonal residents. The scope of victims remains unclear, as figures vary and victims may be undercounted.
RTM Group, which focuses on information security and digital law, confirmed awareness of the scheme and noted a tally of several dozen victims. Efremova observed that few victims can reliably distinguish a fake toll site from the official Rosavtodor portal, while experienced drivers, who often pay tolls online, are less likely to fall for these tricks.
Analysts also note that roughly ten percent of Russians have used toll roads at least once, placing a broad swath of drivers in potential danger from scammers.
Diana Selekhina, principal analyst at Infosecurity, a Softline company, highlighted that in the first half of 2022 more than sixty fake toll-road resources surfaced on the RuNet and were subsequently reported to domain centers for blocking.
Group-IB Incident Response Center researchers added that since early May they identified thirty-six domains tied to the same group used to deceive drivers. At press time, Avtodor – Toll Roads, the operator of the Central Ring Road, had not responded to requests for comment. Tatyana Lynova of Angara Security noted that May saw a similar scam where attackers pushed phishing pages to the top of search results, mimicking official toll-payment pages for the Central Ring Road.
Valuable information
Information security professionals emphasize that the primary challenge for scammers is obtaining data about vehicles on toll roads and their owners. Several paths have been proposed to gather this data. First, roadside observers may film passing cars to capture license plate numbers. Second, insiders or operators may leak information for money. Third, WiFi radar devices placed at toll-road entrances or exits could create fake hotspots that collect device IDs from nearby users.
In theory, collected device IDs could be used to trigger targeted advertising or serve banners on social networks and other sites that lead users to debt-payment reminders and phishing pages. Analysts suggest that cameras with license-plate recognition or access to leaked police or insurance databases could be used to match a vehicle to its owner, though such methods are costly and risky. The consensus among experts is that attackers tend to favor simpler, more economical methods rather than deploying highly specialized surveillance tools.
Experts caution that even the idea of a broad, year-long data harvest is unlikely to succeed without a reliable database of owners, which adds another layer of complexity and risk for scammers. Some security specialists remain skeptical about certain high-tech scenarios and believe that most scams rely on straightforward tactics such as cold calls and email reminders. As a result, many drivers who have used toll roads in recent months could be at risk.
To avoid falling prey to scammers, analysts advise sticking to official websites and online services and refraining from clicking payment links sent via instant messaging, social networks, or email without verification. If in doubt, users should navigate directly to the official toll-road portal rather than following search results or third-party links. The overall guidance stresses caution, verification, and the use of trusted channels to complete toll payments.