A new digital fraud scheme is targeting drivers who use the toll system without gates, known as free flow. Criminosos are developing dozens of fake domains that imitate the official pages of highway concessionaires to steal personal and financial information from users seeking to pay off their toll debts.
The fraudsters’ strategy is based on promoting these fake websites through paid advertisements on search engines. When searching for terms such as “pay toll free flow”, victims are directed to fraudulent pages that appear at the top of the results, inducing them to enter sensitive data, such as vehicle license plate, CPF and credit card information or Pix keys.
The sophistication of the scam is notable, as many of these cloned pages use information from leaked databases to automatically fill in some fields, giving an appearance of legitimacy that deceives even the most attentive users. The malicious campaign remains active and is constantly renewed with the creation of new domains to replace those that are taken down.
The mechanics of digital fraud
The main vector of attraction for victims is sponsored advertisements. Scammers invest in making their links appear prominently in searches, exploiting drivers’ urgency in regularizing payments within 15 days to avoid fines for evasion. Once on the fake website, the user is asked to provide the vehicle’s license plate.
The fraudulent platform then simulates a query and displays a supposed debt, directing the victim to a payment step. Nesse moment, credit card details are requested or a QR Code is generated for payment via Pix. The transferred amounts are sent to orange accounts, making it difficult to track and recover the money.
How the free flow system works
The free flow toll system represents a modernization in highway charging, eliminating physical toll plazas and gates. The technology works through gantries equipped with cameras and sensors that automatically read vehicle license plates or electronic payment labels (tags) installed on windshields.
For vehicles equipped with company tags such as Sem Parar, Veloe or ConectCar, charging is carried out automatically and debited directly on the service invoice. Essa is the safest and most recommended way to use the system, as it eliminates any type of manual query for subsequent payment.
Drivers who do not have the tag must make the payment actively. Concessionaires provide official channels, such as websites, applications or self-service totems, for paying amounts. The legal deadline for making payment is up to 15 calendar days after passing through the gate, and failure to comply results in a fine for a serious traffic violation.
The main targets and the risks involved
The most vulnerable group to this type of scam are drivers who do not use automatic payment tags. Because they need to actively look for ways to pay off their debt, they become easy targets for the fraudulent links that dominate search results.
The financial risk is the most immediate, with the loss of the amount paid for the false toll. However, the consequences can be much more serious. By providing personal data such as full name, CPF and address, victims are exposed to identity theft.
With this information in hand, criminals can open accounts, apply for credit cards and take out loans in the victim’s name, causing major financial and legal disruption. Captured credit card data can also be used for improper purchases or sold on clandestine internet forums.
In the long term, the exposure of this sensitive data can lead to other types of fraud, such as more elaborate social engineering scams, in which criminals use the information obtained to create convincing narratives and extract even more resources from victims.
Expert recommendations to avoid the scam
The main recommendation from digital security experts is to be wary of sponsored links and search results. Instead of clicking on the first link that appears, the ideal is to type the official address of the concessionaire responsible for the highway directly into the browser. Para ensure safe access, drivers can save official websites to their favorites, avoiding the need to perform a new search with each payment. Outra fundamental measure is to give preference to the use of the dealerships’ official applications, which can be downloaded directly from the application stores for Android and iOS, as these environments are controlled and safer.
It is crucial to verify the authenticity of the website before entering any information. Procure by the lock icon in the address bar, which indicates a secure connection (HTTPS), and review the URL carefully to identify small changes or typos that could indicate a fake page. When making payments via Pix, always check the recipient’s name before confirming the transaction. If the name does not match the company name of the official dealership, cancel the transaction immediately, as it is a fraud. Using automatic payment tags remains the most effective way to protect yourself, as it eliminates the need for any manual interaction to pay tolls.
The expansion of technology and the sophistication of crimes
Free flow technology is in the process of expanding across several federal and state highways, such as BR-101 at Rio and Janeiro, and the tendency is for it to become the standard in the coming years. Essa modernization, which aims to optimize traffic flow and reduce operational costs, paradoxically opens up a new field of action for digital crime. Fraudsters follow these technological trends closely and quickly adapt their tactics. The sophistication of phishing campaigns, such as the one targeting electronic tolls, demonstrates a high level of organization, with groups dedicated to registering domains, developing convincing interfaces, managing advertising campaigns and operating a complex network of receiving accounts to launder illegally obtained money. The evolution of the scheme may include the development of fake applications distributed outside official stores, further expanding the scope of the fraud.
The role of concessionaires and authorities
Concessionaires and Agência Nacional of Transportes Terrestres (ANTT) have been issuing constant alerts about fraud. Companies work to take down fake sites as soon as they are identified, but the agility of criminals in registering new domains makes this an ongoing battle.
Identifying a fraudulent website
In addition to checking the email address (URL) and security certificate, users should be aware of other signs of fraud. Erros in Portuguese, poor quality design or the absence of institutional information, such as CNPJ and address, are strong indications that the page is not legitimate.
Another point of attention is the payment method. Desconfie of sites that only offer one payment option, especially if it is exclusively via Pix for an individual account. Official channels generally provide multiple methods, including credit card and direct debit, linked directly to the dealership’s legal entity.
