Scammers are sending SMS messages impersonating state vehicle agencies (BMVs/DMVs) claiming outstanding traffic tickets and urging immediate payment via malicious links that harvest payment and identity data. Affected states include Ohio, Indiana, Colorado, West Virginia, Hawaii, Arizona, and New Hampshire, with rapidly rotating scam domains used to host lookalike payment pages.
Key points
- Scam SMS messages pretend to be from state BMVs/DMVs and warn recipients of alleged unpaid traffic tickets demanding immediate payment.
- Examples include messages with poor grammar and fabricated legal citations (e.g., “Ohio Administrative Code 15C-16.003”) and date formatting errors like “September 10nd” and “9st”.
- Clicking the links leads to cloned departmental websites that collect personal details and payment information for financial fraud or identity theft.
- The campaign targets multiple states with similar messages and rapidly rotating domains, making the pages transient but easily recognizable by content and format.
- Authorities including the Ohio Department of Public Safety and local police divisions have issued warnings to the public about these scams.
- Defensive recommendations include not clicking links in unsolicited texts, verifying via official agency websites, searching phone numbers, and not replying to the messages.
- If you engaged with the scam site, immediate steps are to change passwords, contact banks, consider fraud alerts or credit freezes, and report identity theft to the FTC at identitytheft.gov.
MITRE Techniques
- [T1204] User Execution – Victims are tricked into clicking malicious links in SMS messages that lead to fraudulent payment/credential collection pages (“If you click the link in the message, you’ll be taken to a website that mimics that of the department in question.”).
- [T1589] Gather Victim Identity Information – Scam sites request personal details and payment information for identity theft and financial fraud (“The site contains a form to fill out your personal details and payment information, which can then be used for financial fraud or even identity theft.”).
- [T1566] Phishing – Attackers send deceptive SMS texts impersonating government agencies to coerce recipients into making payments or providing sensitive data (“Scammers are sending out texts that claim to be from the Bureau of Motor Vehicles (BMV), saying that you have outstanding traffic tickets.”).
- [T1588] Obtain Capabilities: Domains – The campaign uses rapidly rotating and spoofed domains to host scam pages and evade takedown (“The scam messages all look the same except for the domains which are rotated very fast”).
Indicators of Compromise
- [Domain] Scam payment/credential sites – ohio.dtetazt[.]shop, askasas[.]top, and dmv.colorado-govw[.]icu (examples of domains used to host lookalike BMV/DMV pages).
- [Message Content] Sample scam text – the example SMS content with fabricated code “Ohio Administrative Code 15C-16.003” and date errors (“September 10nd”, “9st”) used to coerce payment.
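Because the domains rotate quickly while the message content stays the same, content-based triage holds up better than a domain blocklist. The following is an added example, not code from the original report: it scores an SMS on the traits listed above (agency claim with a non-official link, impossible ordinal dates, payment urgency). The `.gov` suffix rule, the function names and both sample messages are assumptions constructed for illustration.

```python
import re

# Assumption: the agency's real site is under .gov; adjust per state.
OFFICIAL_SUFFIXES = (".gov",)
AGENCY_RE = re.compile(r"\b(BMV|DMV|Bureau of Motor Vehicles|Department of Motor Vehicles)\b", re.I)
URGENCY_RE = re.compile(r"\b(outstanding|unpaid|immediate(?:ly)?|final notice)\b", re.I)
ORDINAL_RE = re.compile(r"\b(\d{1,2})(st|nd|rd|th)\b", re.I)
HOST_RE = re.compile(r"(?:https?://)?((?:[a-z0-9-]+\.)+[a-z]{2,})", re.I)

def correct_suffix(n):
    """English ordinal suffix for n (11th-13th are the irregular cases)."""
    if 11 <= n % 100 <= 13:
        return "th"
    return {1: "st", 2: "nd", 3: "rd"}.get(n % 10, "th")

def bad_ordinals(text):
    """Ordinals whose suffix cannot be right, e.g. '10nd' or '9st'."""
    return [m.group(0) for m in ORDINAL_RE.finditer(text)
            if m.group(2).lower() != correct_suffix(int(m.group(1)))]

def link_hosts(text):
    """Hostnames in the text; defanged '[.]' is normalised first."""
    return [h.lower() for h in HOST_RE.findall(text.replace("[.]", "."))]

def score_sms(text):
    """Return the list of reasons the message looks like this campaign."""
    reasons = []
    claims_agency = bool(AGENCY_RE.search(text))
    off_site = [h for h in link_hosts(text) if not h.endswith(OFFICIAL_SUFFIXES)]
    if claims_agency and off_site:
        reasons.append("agency claim with non-official link: " + ", ".join(off_site))
    wrong = bad_ordinals(text)
    if wrong:
        reasons.append("impossible ordinal dates: " + ", ".join(wrong))
    if claims_agency and URGENCY_RE.search(text):
        reasons.append("payment urgency wording")
    return reasons

# Constructed samples (not verbatim scam text); the domain is from the IoC list.
SCAM = ("Ohio BMV Final Notice: you have an outstanding traffic ticket. "
        "Per Ohio Administrative Code 15C-16.003, pay before September 10nd "
        "or enforcement begins on the 9st: https://ohio.dtetazt[.]shop/pay")
BENIGN = ("Reminder: your BMV appointment is on September 10th at 9:30. "
          "Manage it at https://bmv.ohio.gov")

if __name__ == "__main__":
    for name, msg in (("SCAM", SCAM), ("BENIGN", BENIGN)):
        print(name, score_sms(msg) or "no indicators")
```

A message with no reasons returned is not thereby confirmed legitimate; the check only flags the traits this campaign has shown.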