Information Hub‎ > ‎The Bad Guys‎ > ‎Examples Index‎ > ‎

Toll Charges

One attack uses an attached file, often a .zip file, to introduce harmful software into your computer that can cause immediate damage or work in the background quietly sending copies of important files you keep to The Bad Guys.  These can include your Quicken (or other financial) files and Outlook Contact lists just to name two.  Immediate damage can include loss of files and/or damage to your operating system potentially leaving your PC as an expensive lightweight "boat anchor".  The Bad Guys may play for fun and games, they may play for profit but most times it is for keeps at your expense at some level.

For Toll Charges:
As states are moving toll road operations and management to third parties, we are seeing fewer and fewer staffed toll booths to collect fees.  This has created a "new business opportunity" for The Bad Guys to leverage the potential confusion into people taking action to inflict damage to computers or solicit expedited payments.  Those observed as of July 2015 are focused in the infliction of damage.

EXAMPLE #1 ==========

Your-email-Address; on behalf of; 'E-ZPass Manager' Your-email-Address

Indebtedness for driving on toll road #00940096

To     <Your-e-mail-Address>

Message (2 KB)

Notice to Appear,


You have a unpaid bill for using toll road.

You are kindly asked to service your debt in the shortest time possible.


You can find the invoice is in the attachment.



Willie Dwyer,

E-ZPass Manager.



  1. It is highly usual for any e-mail system to repeat the recipients e-mail twice on the same line.
  2. Putting a title in the top line is for intimidation and does nothing for the e-mail system.
  3. Your next question most likely is "what Toll Road and when?".
  4. The "Message" is actually an attachment.  .ZIP files are a file you NEVER want to open unless you know all the details behind it including conformation from the sender from a phone call that you know and trust.  Opening the attached .ZIP file will be the attack against you or your computer.
  5. This is a Notice to Appear but no indication of an address, phone number, etc.  This is another effort to get you to open the attached .ZIP file quickly.
  6. Language is often an indicator to watch for as many but not all originate outside the US.  Note the words "You are kindly asked to service your debt".  This unusual formality suggests involvement from a foreign country where English is also spoken.  Again note the "in the shortest time possible" to get you to open the .ZIP file quickly. 



    We can only speculate based on what a .ZIP file can conceal.  The potential damage could be:
    a)   erasure of part or of your entire disk drive ... hope you have good recent back-up copies

    b)   introduction of software to search for specific file types and send them to an e-mail address
           which could be Quicken Files for your financial records, our Outlook Contacts file, etc.
    c)   software to corrupt or remove some or all of your operating system