Republished on June 15 with new red flags for smartphone users to beware.
Attacks on iPhone and Android users surged more than 700% this month, with malicious texts targeting multiple cities and states. Following alerts from police forces across the country, the FBI has now confirmed the latest warning and stepped in. This threat comes directly from China, and you need to delete all these texts immediately.
As I reported earlier this week, the infamous unpaid toll texts that have plagued American smartphone users for more than a year “have seen a significant decline recently.” But the DMV texts that have replaced them are “more threatening.” Attackers have learnt lessons from their unpaid toll texts, and this attack will be more dangerous.
That’s the warning from Guardio, whose researchers have been tracking these attacks for months. Its team “spotted a 773% surge in DMV scam texts during the first week of June,” which shows no signs of slowing. “These scam texts lead to phishing websites designed to steal people’s credit card information and make unauthorized charges.”
Now the FBI has confirmed it is investigating the DMV scam. According to FBI Tennessee’s Supervisory Special Agent David Palmer, the unpaid toll cybercriminals have “pivoted to the DMV scam.” Confirming the gangs operate from overseas, Palmer warns these texts can “put malware on your phone, which then can go in and steal information from your device, or collect your payment information.”
Palmer warns smartphone users “if you don’t know who [a text] is from, don’t click the link.” Those links use domains crafted to trick users into thinking they’re legitimate. As Guardio explains, “scammers generate a new domain for almost every DMV text. The format is usually the name of a state followed by a generic domain. Sometimes they include ‘.gov’ as part of the URL to make the website appear legitimate.”
There will be millions of these texts sent out over the coming weeks and months. As Resecurity warns, just one threat actor can send “up to 2,000,000 smishing messages daily,” which means targeting “up to 60,000,000 victims per month, or 720,000,000 per year, enough to target every person in the U.S. at least twice every year.”
“The Chinese cybercriminal syndicates involved in smishing,” Resecurity warns, “are brazen because they feel untouchable. They have emphasized in their communications that they do not care about U.S. law enforcement agencies. Residing in China, they enjoy complete freedom of action and engage in many illegal activities.”
Just as with undelivered packages and unpaid tolls, the FBI’s advice is to “delete any smishing texts received.” You don’t want the dangerous links left on your phone, even though many are only active for a few hours before they’re detected and blocked.
This surge in fake DMV texts has prompted Senator Tina Smith to “press the Trump Administration to stop the widespread text message scam affecting Minnesotans,” just one of the many states now affected.
Smith says this is “beyond a simple nuisance,” and “jeopardizes the financial security of those it victimizes. And these messages threaten the peace of mind of thousands of Minnesotans who face the uncertainty of whether these messages are authentic. This scale and sophistication of this scam campaign calls for a federal response.”
Arizona’s Attorney General has also issued a warning to the state’s citizens. “No matter which agency they’re pretending to represent, government imposters share a common set of strategies to steal your information and savings,” AG Kris Mayes says. “Not only is the scammer trying to steal consumers’ money, but if you click the link, they could get your personal info (like your driver’s license number) — and even steal your identity.”
Meanwhile, Oregon’s DMV is the latest to warn its drivers. “These messages are not from Oregon DMV,” the DMV’s Chris Crabb warns. “These are fake messages designed to get you to click on a link and provide personal information or send money.”
The new DMV attacks go beyond the late payment lure of the toll texts. These cite a non-specific traffic offense and threaten suspensions of driving licenses and vehicle registrations. They create a sense of panic and urgency to push users to engage.
While the format of these scam DMV texts should make them easy to detect, sometimes the tells are even easier to spot. Texts from the Philippines (1, 2) are now targeting drivers in California and elsewhere, warning of a “Department of Motor Vehicles Final Notice,” and that “enforcement actions” will begin within hours.
These actions will include immediately suspending the vehicle registration and “suspending driving privileges for 30 days.” Fortunately, that +63 dial code is the easiest imaginable flaw to spot, as is the .VIP top-level domain if you study the link.
Meanwhile, Ohio’s Bureau of Motor Vehicles (BMV) has issued its own warning, showing an example BMV scam text that originates from a +44 UK number. BMV Registrar of Motor Vehicles, Charlie Norman, warns “there are really some telltale signs and some red flags and these kinds of texts.”
“They all sort of follow this same pattern,” Norman says. “There’s a threatening tone, there’s an abnormal sense of urgency to take action, to do something, so if you don’t do A then we will do B. It cites a section of the revised code that doesn’t exist. Often if you look at that link that they want you to click, it’s a domain that if you look closely, it’s not the domain of the actual website they say they’re sending you to.”
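The red flags described so far (foreign dial codes such as +63 and +44, a state name on a generic domain, “.gov” embedded in a host that is not really on .gov, the .VIP top-level domain, and urgent enforcement wording) can be checked mechanically by a message filter. The following Python code is an added example, not code from Guardio, the FBI or any agency quoted here; the function names, keyword list, state list and sample messages are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlparse

# Lure phrases quoted in the article; the list itself is an assumption.
URGENCY = ("final notice", "enforcement action", "suspend")
# States named in the article; a real filter would list all of them.
STATES = ("arizona", "california", "minnesota", "ohio", "oregon", "tennessee")
SUSPICIOUS_TLDS = {"vip"}  # the only TLD the article calls out

def red_flags(sender, body):
    """Return the red flags from the article that apply to one SMS."""
    flags = []
    number = re.sub(r"[^\d+]", "", sender)
    # +63 and +44 are the tells cited; treat any non-+1 sender as foreign.
    if number.startswith("+") and not number.startswith("+1"):
        flags.append("foreign-sender")
    for url in re.findall(r"https?://\S+", body, re.I):
        host = (urlparse(url).hostname or "").lower().rstrip(".")
        labels = host.split(".")
        tld = labels[-1]
        # ".gov" appears inside the name but is not the real top-level domain.
        if tld != "gov" and re.search(r"\.gov\b", "." + host):
            flags.append("fake-gov:" + host)
        # State name in front of a generic (non-.gov) domain.
        if tld != "gov" and any(l.startswith(s) for l in labels for s in STATES):
            flags.append("state-lure:" + host)
        if tld in SUSPICIOUS_TLDS:
            flags.append("tld:" + tld)
    text = body.lower()
    flags += ["urgency:" + k for k in URGENCY if k in text]
    return flags

def verdict(sender, body):
    """Block on any sender or link flag; review on urgency wording alone."""
    flags = red_flags(sender, body)
    hard = [f for f in flags if not f.startswith("urgency:")]
    return "block" if hard else ("review" if flags else "allow")

# Constructed sample messages (numbers and scam hosts are made up for this example).
SAMPLES = [
    ("+63 912 000 0000", "Department of Motor Vehicles Final Notice: enforcement "
     "actions begin within hours. https://california.gov-constructed-sample.vip/pay"),
    ("+44 7700 900000", "Ohio BMV: pay now or we will suspend your registration "
     "https://ohio-constructed-sample.com/bmv"),
    ("+1 916 555 0100", "Your appointment is confirmed: https://www.dmv.ca.gov/portal/"),
]

if __name__ == "__main__":
    for sender, body in SAMPLES:
        print(verdict(sender, body), red_flags(sender, body))
```

Because scammers register a new domain for almost every text, the filter keys on the structure of the host name and sender rather than on a blocklist of known domains.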
It could be even more spurious than dodgy numbers and domains. In Arizona, the attack even makes up an entire government agency. Local media reports “several people in Arizona and other states have reported getting texts this week that are alleged to be from a government department that does not exist. The scam texts claim to be from the ‘Arizona Ministry of Communications’. The texts tell the recipient that they have an outstanding traffic ticket and to suspend their vehicle registration.”
But just as with other text attacks, the advice is very simple. You must not engage in any way. Every one of these texts is a scam. If you have any doubts, contact your DMV using public channels. You can report the text. But you must delete it.
As New York’s DMV warns, the DMV scam texts “often include logos, images, and content copied from the legitimate New York State DMV website (or another New York State government site) to make their fraudulent communication appear realistic. Remember that if the message does not feel right, chances are it is not.”