216.73.216.170

DMV-Themed Phishing Campaign Targeting U.S. Citizens

· Published 20/06/2025 19:26 · Modified 23/06/2025 23:15

Export JSON

Essential information

Published
20/06/2025 19:26
Modified
23/06/2025 23:15
Tags
2025-06-20 china-based data harvesting dmv impersonation infrastructure analysis phishing smishing sms-spoofing
Related entities
6 observables, 2 others

Description

A sophisticated campaign impersonating U.S. state Departments of Motor Vehicles emerged in May 2025, using SMS and deceptive websites to harvest personal and financial data. Victims received messages about unpaid toll violations, directing them to fake sites requesting extensive information. Technical analysis revealed shared infrastructure, consistent domain naming, and indicators of a threat actor. The campaign used spoofed SMS numbers, often from the Philippines, and email addresses from obscure domains. websites followed a pattern using state IDs and specific TLDs. showed connections to known malicious IP addresses and Chinese DNS providers. The campaign's widespread impact prompted alerts from multiple states and federal authorities.

External references