I recently was made aware of a new phishing campaign masquerading as a HIGHWAY onboarding request. The phishing campaign appears to have begun some time in December and is ramping up with recent additional domain registrations. I suspect there may be a lot of potential victims out there who might let their guard down since HIGHWAY started the practice of demanding ELD access and the required credentials. I am posting this to hopefully prevent those of you here from becoming a victim.
I have attached screenshots of two of these phishing emails, as well as two screenshots of the phishing website that is masquerading as an official HIGHWAY service.
The following domains are related to this campaign:
highwayon[dot]com
- Registry Expiration: 2026-01-17 18:59:48 UTC
- Updated: 2025-01-17 18:59:48 UTC
- Created: 2025-01-17 18:59:48 UTC
auth-highway[dot]com
- Registry Expiration: 2026-01-16 13:28:47 UTC
- Updated: 2025-01-16 13:30:31 UTC
- Created: 2025-01-16 13:28:47 UTC
connect-secured[dot]com
- Registry Expiration: 2025-12-19 13:28:55 UTC
- Updated: 2025-01-04 03:31:12 UTC
- Created: 2024-12-19 13:28:55 UTC
onboardstatus[dot]com
Here are samples of what these fraudulent emails look like:
- Registry Expiration: 2025-12-23 21:09:04 UTC
- Updated: 2025-01-01 01:58:45 UTC
- Created: 2024-12-23 21:09:04 UTC
![]()
![]()
Here are samples of what one of the actual phishing websites look like.
Take note of the "L" in the spelling of "highway". This has been observed in two of the subdomains taking part in this campaign.
![]()
![]()
If you have fallen victim to one of these, I STRONGLY suggest that you immediately update the login credentials for every online service you use.
WARNING: HIGHWAY phishing campaign
Discussion in 'Trucking Electronics, Gadgets and Software Forum' started by CousinVinny, Jan 17, 2025.