Unpaid Tolls Scam
The video by ThioJoe discusses new and evolving scams to watch out for in 2025, emphasizing that simply being aware of them can help protect you (0:09).
Here’s a summary of the scams and general tips:
New and Evolving Scams:
- Unpaid Tolls Scam Texts (0:17): You receive a text message claiming to be from a regional toll system (like E-ZPass or FasTrak) about unpaid bills, threatening fines or license suspension. It includes a link to a phishing site built to steal payment details.
- PayPal “Address Added” Scam Email (0:56): An email, surprisingly from the real PayPal domain, claims an address was added to your account and an order was placed. The scam message is hidden within the address field. The goal is to trick you into contacting fake support and downloading remote control software.
- Windows “Run Command” Scam (2:03): A scam website instructs you to press Windows + R, then Control + V and Enter, to run a malicious command hidden with dummy text, which downloads a virus onto your computer.
- “I Accidentally Reported You” Scam (3:22): This scam, now appearing on platforms like Twitter (and likely Facebook/Instagram), involves a message from a random person claiming they mistakenly reported your account and it’s facing a ban. They direct you to a fake admin account that demands a cash payment for “verification.”
- Shopify Fake Order Scam (4:49): You might receive a fake order notification from the Shopify app or an email, often for a large sum, claiming to be from a generic “Help Center.” The intent is to get you to contact them to “cancel” the order, leading to information theft.
- App Authorization Scams (6:36): Be cautious when granting permissions to apps or websites that connect to your accounts (e.g., Google, Steam). Scammers create fake apps with legitimate-looking names and icons (7:21) to gain full control of your account, allowing them to tweet scams (7:38) or steal valuable in-game inventory (8:10).
- Notification System Abuse Scams (8:14): Scammers exploit legitimate email notification systems to bypass spam filters.
  - Google Drive “Shared File” Emails (8:29): You receive a Google Drive notification that a document was shared, often with an urgent title (e.g., “Wells Fargo”). The attached PDF links to a phishing site.
  - YouTube “Private Video” Notifications (9:16): Scammers upload private YouTube videos with deceptive titles (e.g., “Changes in monetization policy”) and share them with targets, directing them to phishing links in the description.
- More Legitimate-Sounding Scam Messages (10:06): Thanks to AI, scam emails and DMs, such as fake sponsorship offers from Nvidia, Sony, Logitech (10:19) or podcast invitations, are now very well-written and appear highly legitimate. Always verify the “From” address for emails (11:39).
- More Realistic Scam Websites (11:43): Scam websites, like fake browser update pages (11:49) (e.g., for Chrome), now look almost identical to official sites. These often distribute “stealer” malware that steals browser session cookies, giving scammers access to your logged-in accounts without needing your passwords (12:18).
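
For the Windows “Run Command” scam above, a defender can review what was actually pasted into the Run dialog, which Windows records per user in the RunMRU registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU). The following is an added example, not from the video: the sample entries are constructed, and the interpreter list and the two dummy-text heuristics (a trailing `#` comment, long space padding) are assumptions.

```python
import re

# Programs that can fetch or run code. This list is an assumption for the
# example; tune it to what your users legitimately launch from Win+R.
INTERPRETERS = re.compile(
    r"\b(powershell|pwsh|cmd|mshta|wscript|cscript|curl|certutil)(\.exe)?\b",
    re.IGNORECASE,
)
# Assumed forms of the "dummy text": a trailing "#" comment, or a long run of
# spaces that pushes the real command out of the visible part of the Run box.
TRAILING_COMMENT = re.compile(r"\s#\s*\S.{7,}$")
PADDING = re.compile(r"\s{20,}\S")

# Constructed RunMRU-style values (each stored value ends in "\1").
SAMPLE_RUNMRU = [
    "notepad\\1",
    "cmd\\1",
    "powershell -NoProfile -File C:\\Scripts\\backup.ps1\\1",
    'powershell -c "<PLACEHOLDER-COMMAND>" # I am not a robot: Verification ID 4821\\1',
    "mshta <PLACEHOLDER-URL>" + " " * 40 + "Press Enter to confirm you are human\\1",
]


def classify(entry: str) -> list[str]:
    """Return the reasons a Run-dialog entry looks like a pasted lure."""
    cmd = entry.removesuffix("\\1").strip()
    if not INTERPRETERS.search(cmd):
        return []
    reasons = ["interpreter"]
    if TRAILING_COMMENT.search(cmd):
        reasons.append("trailing-text")
    if PADDING.search(cmd):
        reasons.append("padding")
    return reasons


def suspicious(entries: list[str]) -> list[str]:
    """Entries that start an interpreter and also carry decoy text."""
    return [e for e in entries if len(classify(e)) >= 2]


if __name__ == "__main__":
    for entry in suspicious(SAMPLE_RUNMRU):
        print(classify(entry), entry.removesuffix("\\1")[:60])
```

Requiring both an interpreter and decoy text keeps ordinary entries such as `cmd` or a scheduled script path out of the results.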
General Tips & Advice:
- Phone Calls (12:33): Avoid picking up calls from unknown numbers unless expecting a specific one; important calls will leave a voicemail. iPhones have a feature to silence calls from non-contacts (12:53).
- Browser Security (13:04):
  - Google Chrome: Enable “Enhanced Protection” under Privacy and Security > Security for faster, real-time scam website detection (13:07).
  - Microsoft Edge: Set “Enhance My Security on the Web” to “Balanced” under Privacy, Search, and Services (13:28). Edge also has a “Scareware blocker” feature that uses AI to detect fake tech support or scam sites (13:48).