In May 2025, a sophisticated phishing campaign emerged, impersonating several U.S. state Departments of Motor Vehicles (DMVs). This campaign leveraged widespread SMS phishing (smishing) and deceptive web infrastructure to harvest personal and financial data from unsuspecting citizens. Victims received alarming messages concerning unpaid toll violations and were directed to fake DMV websites that prompted them to resolve the issue by paying a nominal fine. These cloned websites requested extensive personal information and credit card credentials under the guise of verifying user identity. Technical analysis of this campaign uncovered shared infrastructure, consistent domain naming conventions, reused frontend assets, and strong indicators […]
The post DMV-Themed Phishing Campaign Targeting U.S. Citizens appeared first on Check Point Blog.