Abuse takes its “toll” on .top: But who is paying the price?

Spamhaus researchers observed a 50% increase in abuse of the .top gTLD (211,406 detections over six months), highlighting smishing toll-road scams that send SMS messages with phishing links to fake E‑ZPass/FasTrak payment portals (examples: e-zpass.com-txzy.top, bayareafastrak.com-fzxb.top) which harvest payment credentials; the report describes the SMS→fake-site→data theft flow and notes at least one malicious site was taken down on May 4, 2025.