The cybersecurity company Kaspersky detected more than 50 fake domains created to carry out fraud related to the free flow electronic toll system. Essa malicious campaign began to be registered since mid-December 2025 and continues to be active on highways granted in Brasil.
Scammers exploit the transition to the model without gates, which identifies vehicles by license plates and subsequently charges those who do not have an automatic payment tag. Motoristas search the internet for ways to pay off debts and end up accessing fraudulent pages promoted by paid advertisements.
These sites request license plate data, personal information and payment details, resulting in the theft of money or exposure of sensitive data. The practice uses orange accounts that change frequently to make tracking difficult.
Operation of fraudulent websites
Fake domains imitate official dealership portals, displaying similar interfaces to gain trust. When entering the vehicle’s license plate, the system often pulls real information from leaked databases, increasing the page’s credibility.
Scammers invest in sponsored ads on Google and social networks to appear at the top of searches. Essa strategy directs traffic directly to fraud, exploiting the urgency of drivers to regularize tickets.
Kaspersky observes that new domains are constantly registered to replace blocked ones. Essa turnover keeps the campaign active despite removal actions.
Free flow toll operation
The free flow system uses gantries equipped with cameras and sensors to automatically read license plates on highways. Veículos with tags attached to the windshield have the fare debited directly, guaranteeing a ticket without stopping.
For those who do not have the device, the dealership sends a subsequent notification with payment options through official channels. The deadline generally varies up to 15 days to avoid additional fines, depending on the route administrator.
The implementation takes place on several federal and state highways, aiming for greater traffic flow. Redução of congestion and operational costs are benefits highlighted by the responsible concessionaires.
Main risks identified
Drivers without tags represent the main target, as they need to check debts manually. Mensagens or unsolicited links compound the problem by pointing to malicious pages.
Payments via Pix into third-party accounts are common, with amounts immediately transferred to criminals. Cartões of credit are also captured, allowing cloning or improper purchases.
The exposure of CPF and other data facilitates additional fraud on behalf of victims. Especialistas warn that the scheme could evolve into fake applications as the system expands.
Effective forms of protection
- Only access official portals of known dealerships or tag operators.
- Type the address directly into the browser instead of clicking on ads.
- Prefer to register a tag with companies such as Sem Parar, Veloe or ConectCar for automatic payments.
- Check security certificates and complete URL before entering any information.
These practices minimize unnecessary exposures. Atualizações regular antivirus software on mobile devices complements security.
System expansion on Brasil
Free flow already operates in stretches such as BR-101 in Rio of Janeiro and is advancing in other concessions. Investimentos in license plate reading technology ensures accurate identification in most cases.
Dealers highlight gains in operational efficiency with the elimination of traditional plazas. Usuários report greater comfort on long trips without interruptions for manual payment.
Agência Nacional of Transportes Terrestres monitors implementation on federal highways. Não there is a single national portal, reinforcing the need for individual consultation by an administrator.
Guidelines from authorities
ANTT maintains alerts about frauds that misuse the name of the free flow. Criminosos create non-existent billing or side sites to capture payments.
Reports of suspicious pages help in quick removal by providers. Colaboração with security companies strengthens continuous monitoring of new threats.
Drivers should save official links to favorites for direct access. Essa simple measure avoids risky searches in times of rush.
Evolution of digital fraud
Phishing campaigns related to essential services have grown in recent months in the country. Electronic tolls attract attention due to their novelty and the obligation to pay later.
Companies block thousands of daily attempts to access malicious domains. Soluções protection in browsers and cell phones significantly reduces the risk of contamination.
The organization of criminal groups demonstrates sophistication in social engineering techniques. Mudança constant number of receiving accounts makes immediate police actions difficult.
The combination of paid advertisements with convincing interfaces makes the scam particularly effective among users less familiar with online verification. Educação digital remains essential to reduce victims in similar campaigns. Autoridades and companies reinforce awareness campaigns to guide the public about legitimate payment channels.