The New York State Department of Motor Vehicles (DMV) has published a threat advisory to warn its customers about a phishing scam that can steal sums by exfiltrating credentials. Based on reports, the phishing scam attempts to steal its targeted victims’ credentials and other essential information.
The phishing attack includes spam messages containing malicious links and text messages assuring a target with $1,500 in state fuel rebates. According to the text messages, the rebate’s purpose is to compensate against the increasing fuel costs.
Unfortunately, anyone who is fooled by this message and accesses the links will be redirected to a webpage created by the hackers to appear to lie a legitimate DMV website. The threat actors made a specially crafted website to deceive targets into inputting their personal information. The webpage will deliver these troves of data submitted to the malicious site to the hacker-controlled environment.
In addition, the threat actors can use the stolen information to commit identity theft scams or install malicious software. DMV has yet to provide additional details on the phishing scams and samples of text messages utilised by the threat actors to trick its recipients.
DMV may not have yet released some sample phishing texts, but it reminded its customers to be wary of such an attack.
However, DMV warned its users to remain wary of receiving and accessing text messages or emails that seem sketchy.
A recent phishing attack also exploited the Follina flaw to distribute the Rozena backdoor. This detail implies that phishing operators are slowly increasing again. Moreover, a phishing campaign used Facebook Messenger chatbots to steal troves of data to manage Facebook pages.
Furthermore, a phishing strategy used the MS Edge WebView2 applications to steal numerous authentication cookies of targets.
The New York State office has given several recommendations for staying safe from the negative impacts of phishing scams. Some advice includes avoiding personal information and double-checking if the email has misspelt words or grammar errors.
In addition, always be aware of the URL if it matches a legitimate site by checking it from an authentic source. Analysing the threats indicated in the emails is also for identifying whether the message is bluffing.