If you’ve driven on a toll road in the last… well ever… you’ve probably received a real Linkt email at some point. Which is exactly why this new “Overdue Final Toll Invoice” scam is working so well.
MailGuard recently flagged a fresh phishing campaign impersonating Linkt, and it’s a masterclass in psychological pressure, urgency, and design tricks that bypass both filters and human intuition.
Let’s break it down. Behaviour first, tech second.
What Makes This Scam So Convincing
Scammers know we’re all busy. They know we skim emails. They know we’re conditioned to pay bills quickly so they don’t become a problem.
This scam leans into that beautifully, or horribly, depending on your perspective.
- The entire email is one giant image
No text. No typos. No weird spacing.
Just a clean, official-looking Linkt “Final Toll Invoice” with a big Pay My Invoice button.
Why?
Because image-based emails can slip past basic filters that only scan text. And because your brain sees “official logo plus overdue bill” and goes straight into compliance mode. - The sender looks close enough to real
The display name says “Linkt”.
The domain does not.
But most people don’t check domains. They check vibes. And the vibe here is “another toll bill, better pay it”. - The payment flow feels normal
Once you click, the scam unfolds like a real billing process
- A confirmation page
- A credit card form
- A confirmation payment step
- An SMS verification code request
- A payment failed, try again loop
That last step is particularly nasty. It’s designed to squeeze out corrected card details or multiple verification codes.
This isn’t amateur hour. This is real-time fraud.
Why Smart People Fall For This
Because this scam doesn’t target your logic.
It targets your behaviour.
Specifically:
Urgency
“Final invoice”, “overdue”, “pay now” are emotional triggers, not informational ones.
Familiarity
We’ve all seen real Linkt emails. The scam leans on that muscle memory.
Momentum
Once you click, the flow feels routine.
Routine equals low scrutiny.
Trust in verification codes
Most people think SMS codes equal safety.
Here, SMS codes equal helping the attacker validate a live transaction.
This is exactly why Cybermate exists. To help people recognise the psychology behind scams, not just the technical red flags.
Why This Matters for Businesses
This isn’t just a consumer problem.
Finance teams, fleet managers, and anyone handling corporate tolls are prime targets. Every fake invoice that lands in an inbox creates:
- Another decision point
- Another chance for a rushed mistake
- Another investigation for IT
- Another potential identity theft or card compromise
- And the more normal a scam looks, the more dangerous it becomes.
What To Tell Your Team To Look For
Keep it simple. Behaviour first.
Red flags that matter
- Sender domain doesn’t match the real organisation
- Emails that are just one big image
- Urgent language demanding immediate payment
- Any website asking for card details and an SMS code
- Anything that feels too smooth or too familiar
- If it feels like you’re being rushed, you probably are.
How Cybermate Helps
Cybermate trains people to spot the emotional hooks behind scams, the urgency, the pressure, the false familiarity, not just the technical tells.
Cyber safety isn’t about turning staff into detectives.
It’s about helping them recognise when something feels off before they click.
Short lessons. Real examples. Behaviour first.
Exactly the kind of training that stops scams like this in their tracks.
Final Thought
Scammers don’t need to fool everyone.
They just need to fool one person, one time.
This Linkt scam works because it feels normal.
Cybermate works because it teaches people to pause when something feels too normal.
