DMV-Themed Phishing Campaign Targeting U.S. Citizens

SUMMARY :

A sophisticated phishing campaign impersonating U.S. state Departments of Motor Vehicles emerged in May 2025, using SMS phishing and deceptive websites to harvest personal and financial data. Victims received messages about unpaid toll violations, directing them to fake DMV sites requesting extensive information. Technical analysis revealed shared infrastructure, consistent domain naming, and indicators of a China-based threat actor. The campaign used spoofed SMS numbers, often from the Philippines, and email addresses from obscure domains. Phishing websites followed a pattern using state IDs and specific TLDs. Infrastructure analysis showed connections to known malicious IP addresses and Chinese DNS providers. The campaign's widespread impact prompted alerts from multiple states and federal authorities.

OPENCTI LABELS :

phishing,impersonation,smishing,infrastructure-analysis,data-harvesting,sms-spoofing,dmv,china-based


Open in NetmanageIT OpenCTI Public Instance with below link!


Use public read only username and password on login page.

NOTE : Use Public READ only user credentials on login page banner.


DMV-Themed Phishing Campaign Targeting U.S. Citizens