Delete this message immediately.
There is a new attack targeting your phone. After months of warnings to pay overdue road tolls that have swept across America, that scam is finally on the decline. But there’s a new threat taking its place — and this one is worse.
“The unpaid toll scam texts have seen a significant decline recently,” Guardio told me, “with the peak number of messages sent occurring around March – April.” But they have been replaced with “more sophisticated” DMV texts, which are “longer messages tailored to each state,” and which are also “more threatening.”
Guardio says its team “spotted a 773% surge in DMV scam texts during the first week of June,” which shows no signs of slowing. “These scam texts lead to phishing websites designed to steal people’s credit card information and make unauthorized charges.” That means you are likely to get this text at least once, probably many times.
According to Malwarebytes, “44% of people encounter a mobile scam every single day, while 78% encounter scams at least weekly.” The FBI has warned users to delete all such texts on their phones, and multiple U.S. police forces and agencies (1,2,3) have issued warnings this week given new attacks. Just as with the unpaid tolls, these are driven by Chinese criminal gangs, outside the reach of U.S. law enforcement.
DMV text surge
The DMV texts claim an outstanding traffic violation fine needs to be paid, they threaten to suspend vehicle registrations and even enforce driving bans if it remains unpaid. The link in the text purports to open a payment website for the state’s DMV.
“Scammers generate a new domain for almost every DMV text they send,” Guardio says. “The format is usually the name of a state followed by a generic domain. Sometimes they include ‘.gov’ as part of the URL to make the website appear legitimate.”
The top-level domains used are clearly not associated with any state DMV, and if you can spot them within the link you will know it’s a scam for sure. “The top three domain extensions they use across most links are .cc, .icu, and .vip.”
DMV texts
Here are some example links, to give you an idea of what you’re likely to see:
- westvirginia.zaub.cc
- tennessee.cpwy.cc
- oklahoma.gov-vpki.cc
- nebraska.rxsx.cc
- nhgov.nkemi.vip
- oregon.hdktn.vip
- flhsmv.gov-payvnb.icu
- maine.lfkf.cc
- colorado.gov-wcv.cc
- arkansas.anhsl.vip
- klahoma.dkoan.shopם
- oklahoma.gov-juu.cc
- oklahoma.gov-jqq.icu
The DMV scam has not yet rooted into the public consciousness in the same way as unpaid tolls — albeit that took more than a year and still claims victims to this day. But DMV warnings are now being publicized by agencies and law enforcement and this scam will now surge week by week until it’s everywhere.
Just as with the toll texts, these will hit every major city and state in time. Fox News reports that it is already “targeting drivers in states like Connecticut, Pennsylvania, Georgia, Florida, New York, California, Illinois, New Jersey, Virginia, Colorado, Vermont, Texas, North Carolina and even Washington, D.C.”
And it is only just getting started.
