In 2025, millions of Americans received text messages informing them they owed money for unpaid tolls.
The amounts were oddly specific. $6.72. $11.38. $8.14.
Nobody was claiming their car would be repossessed. Nobody was threatening prison. The messages didn’t arrive wrapped in the usual costume of internet fraud. They arrived disguised as paperwork.
The people who clicked weren’t necessarily careless. Many of them were exactly the sort of people who pay their bills on time, balance their accounts, and keep folders full of tax documents they haven’t needed in years but aren’t emotionally prepared to throw away.
The scam worked because it attached itself to something modern life has produced in abundance: tiny obligations nobody can fully keep track of.
Most drivers couldn’t tell you how many toll roads they used during the previous six months. They couldn’t tell you whether a seven-dollar charge was legitimate or not. They couldn’t tell you whether they had already paid it. They only knew that seven dollars sounded plausible enough that spending twenty minutes investigating it felt irrational.
Somewhere on the other side of those messages sat people who understood this perfectly.
The popular image of cyber-criminals remains strangely stuck in the early 2000s. We picture a technical genius surrounded by glowing monitors, breaking through sophisticated security systems while typing at impossible speeds. Hollywood has spent decades selling that version of the story because it looks exciting on screen.
The real business is often much less dramatic.
A criminal sends ten million messages.
A tiny percentage of people respond.
The math works.
Years ago, that approach had limitations. Most scam messages sounded unnatural. The grammar felt strange. The wording felt slightly off. Even when the recipient couldn’t immediately identify what was wrong, something about the message triggered suspicion.
Artificial intelligence has begun removing that friction.
Today a scammer can produce writing that sounds perfectly normal. He can mimic corporate language, customer service language, banking language, healthcare language, and legal language. He can create twenty versions of the same message and test which one performs best. He can personalize communications in ways that would have required an office full of employees not very long ago.
The technology itself gets most of the attention. The more interesting development is what happens when that technology collides with information obtained through data breaches.
A few weeks after a company announces a breach, consumers typically move on. News organizations move on too. Another story arrives. Another crisis takes its place. The breach becomes yesterday’s news.
For criminals, that is often when the opportunity begins.
Reports recently emerged that a hacker group claims to have obtained patient information connected to One Medical, the healthcare company owned by Amazon. Investigators will spend months determining exactly what happened, what information may have been exposed, and whose claims are accurate. That process is important.
What receives less attention is how useful healthcare information can become once it leaves the environment where it was originally collected.
At first glance, stolen medical information doesn’t sound particularly valuable. Most people don’t imagine criminals eagerly studying cholesterol readings or reviewing annual physicals.
The value isn’t necessarily in the records themselves.
The value is in context.
Context has become one of the most powerful assets in the fraud economy.
A random text message requesting payment feels suspicious. A text message referencing a provider you’ve actually visited creates a different reaction. A message mentioning an appointment that really occurred, a clinic that actually exists, or an insurance company you genuinely use begins borrowing credibility from institutions that spent years building trust.
The criminal doesn’t need to create trust.
He simply rents it.
Healthcare creates unusual opportunities because the industry already overwhelms patients with communication. Appointment reminders arrive by text. Billing notices arrive by email. Insurance explanations arrive by mail. Patient portals generate notifications. Pharmacies send alerts. Specialists send follow-ups. Surveys arrive asking about the quality of the experience. Additional messages arrive asking about the survey.
Eventually, the average person stops carefully evaluating every communication and begins processing them the way commuters process road signs. They notice them. They respond when necessary. Most fade into the background.
That environment rewards anyone capable of blending in.
A fake message doesn’t need to be brilliant.
It only needs to look ordinary.
This may be the detail most people misunderstand about modern fraud. The criminals are rarely searching for a moment when you’re frightened. They’re often searching for a moment when you’re distracted.
Fear attracts scrutiny.
Routine bypasses it.
A text requesting $1,500 immediately triggers questions. A text requesting $18.43 for a billing adjustment feels like an errand.
The distinction matters because most successful scams operate in the territory between attention and indifference. The amount isn’t large enough to demand investigation. The issue isn’t serious enough to dominate your day. The request arrives while you’re walking into a meeting, waiting for coffee, picking up groceries, or responding to emails.
The attack isn’t aimed at your intelligence.
It’s aimed at your schedule.
The larger story behind breaches like One Medical isn’t really about healthcare. It isn’t even about cybersecurity. It’s about trust and how strangely transferable trust has become. A hospital, a bank, a toll authority, and a retailer may spend decades convincing customers they’re legitimate. A criminal can borrow pieces of that legitimacy in seconds.
For most of human history, trust traveled slowly. It was built through relationships, reputation, and repeated interactions. Today, trust often arrives as a logo, a sender name, or a notification that looks familiar enough to avoid questioning.
That shift has quietly changed the economics of deception.
The safest response remains surprisingly old-fashioned. When a message concerns money, personal information, medical records, passwords, or account access, treat the message as a lead rather than a fact. Go to the source independently. Call the provider directly. Open the application yourself. Visit the website you already know.
The extra few minutes feel unnecessary right up until the moment they aren’t.
Most breaches eventually disappear from public conversation. Their effects often don’t. They simply reappear wearing a different costume, arriving through a text message that looks ordinary enough to ignore and believable enough to trust.
That is why stories like the One Medical breach deserve attention long after the headlines fade. The breach itself may be over, but the information, if it was obtained, can continue circulating through criminal networks for months or even years. Data has a strange afterlife. Once it escapes into the wild, it rarely stays in one place for long.
So if, over the coming weeks or months, you begin receiving text messages that appear to come from a medical provider, a billing department, an insurance company, or a patient portal, pause before doing anything else. The message may be legitimate. It may not. The point is that you shouldn’t make that determination by trusting the message itself.
One of the easiest mistakes to make is assuming that because a text references a real doctor, a real clinic, or a recent appointment, it must be authentic. Criminals understand how powerful familiar details can be. A single accurate fact often causes people to trust everything that follows.
Most healthcare providers are not sending random text messages demanding immediate payment through unfamiliar links. They have patient portals, billing departments, statements, phone numbers, websites, and established processes. If a text claims you owe money, close the message and contact the provider directly using information you already know is legitimate.
It sounds almost too simple to matter, which is usually the hallmark of advice people ignore until they need it.
The next wave of scams won’t necessarily arrive looking suspicious. It will arrive looking routine. It will look like paperwork. It will look like customer service. It will look like something you’ve seen a hundred times before. And that familiarity is precisely what makes it dangerous.
