WARNING: HIGHWAY phishing campaign

I recently was made aware of a new phishing campaign masquerading as a HIGHWAY onboarding request. The phishing campaign appears to have begun some time in December and is ramping up with recent additional domain registrations. I suspect there may be a lot of potential victims out there who might let their guard down since HIGHWAY started the practice of demanding ELD access and the required credentials. I am posting this to hopefully prevent those of you here from becoming a victim.

I have attached screenshots of two of these phishing emails, as well as two screenshots of the phishing website that is masquerading as an official HIGHWAY service.

The following domains are related to this campaign:

highwayon[dot]com

• Registry Expiration: 2026-01-17 18:59:48 UTC
• Updated: 2025-01-17 18:59:48 UTC
• Created: 2025-01-17 18:59:48 UTC

auth-highway[dot]com

• Registry Expiration: 2026-01-16 13:28:47 UTC
• Updated: 2025-01-16 13:30:31 UTC
• Created: 2025-01-16 13:28:47 UTC

connect-secured[dot]com

• Registry Expiration: 2025-12-19 13:28:55 UTC
• Updated: 2025-01-04 03:31:12 UTC
• Created: 2024-12-19 13:28:55 UTC

onboardstatus[dot]com

• Registry Expiration: 2025-12-23 21:09:04 UTC
• Updated: 2025-01-01 01:58:45 UTC
• Created: 2024-12-23 21:09:04 UTC

Here are samples of what these fraudulent emails look like:





Here are samples of what one of the actual phishing websites look like.

Take note of the "L" in the spelling of "highway". This has been observed in two of the subdomains taking part in this campaign.






If you have fallen victim to one of these, I STRONGLY suggest that you immediately update the login credentials for every online service you use.

 

HIGHWAY is a phishing campaign.
I tell every broker that gets in bed with Highway; Sorry I won't do Highway. Highway isn't selling me. I wish everyone would.

 

Thanks for posting this Vinny. That will trip lots of people up.