Text phishing scammers are targeting New York state drivers with messages asking them to update their driver’s licenses. Using the ongoing adoption of the REAL ID Act of 2005 in an attempt to make the scam sound legitimate, the attackers have used three specific text phishing messages, the New York State Department of Motor Vehicles (DMV) said in December 2020.

When it comes to the wider world of digital attacks, this is classed as a phishing scam. The goal of the scammers is to encourage victims to submit personal information.

Learn what to look out for when it comes to this and similar text phishing scams. A message that says it comes from a government agency might be real or a government phishing scam.

The Fake Text Messages

The New York DMV released three types of text phishing messages that serve as the opening salvo in this attack.

Message No. 1: The first attack message informs the recipient in broken English that anyone holding a driver’s license must “update their contact to compliance regulation agreements.”

Message No. 2: The next text phishing message does something similar, telling the recipient they need to modify their mailing and contact information in order to speed up compliance with new ID regulations. This version of the scheme mentions REAL ID by name.

Travelers might recognize REAL ID as a requirement for commercial flights. This form of identification provides proof of the minimum set of security requirements necessary for a person to enter a federal building or board a federally regulated commercial aircraft.

The text phishing message doesn’t mention flights. Instead, it mentions ‘travel’ only. This might be an attempt to trick drivers into thinking they need a REAL ID to drive, travel by train or use other modes of transportation other than federally regulated commercial flights.

Message No. 3: The final text message parrots the previous two iterations but uses the most broken grammar of the three.

It reads as follows: “Due to update on our new regulation compliant, driver license holder must update their contact.”

All three of the driver’s license phishing messages redirect to a fake DMV website designed to steal information.

Other Text Phishing Attacks

New York State DMV warned of a similar text phishing attack in October 2020. In that case, threat actors were using scam text messages to redirect users to a fake DMV website. If someone clicked on it, the attackers could target them with identity theft and/or malware.

In another case, a text phishing scam used a pandemic relief payment as a cover story. The attack message informed the recipient they were entitled to $600 if they clicked on an embedded link. These attackers used spoofing techniques to disguise their message as official correspondence from New York’s Department of Labor, Abnormal Security discovered in December 2020. In the end, if you click on the campaign it leads to a fake New York government portal designed to steal information.

Anti-Phishing Best Practices

These attacks highlight the need for employers to defend themselves against phishing attacks pretending to be government messages. They can do so by investing in creating a security awareness training program. Seeing phishing attacks in a test setting can educate employees about some of the most common types of scams in use today, as well as emerging campaigns.

In addition, employers can consider using phishing prevention technical controls. These monitor their networks for suspicious actions, such as signs of attackers misusing a compromised account. Companies can also leverage user behavior analytics to monitor real users’ behavior against a known baseline and to respond to anomalies before a threat actor makes their move.

More from News

The White House on Quantum Encryption and IoT Labels

A recent White House Fact Sheet outlined the current and future U.S. cybersecurity priorities. While most of the topics covered were in line with expectations, others drew more attention. The emphasis on critical infrastructure protection is clearly a top national priority. However, the plan is to create a labeling system for IoT devices, identifying the ones with the highest cybersecurity standards. Few expected that news. The topic of quantum-resistant encryption reveals that such concerns may become a reality sooner than…

Malware-as-a-Service Flaunts Its Tally of Users and Victims

As time passes, the security landscape keeps getting stranger and scarier. How long did the “not if, but when” mentality towards cyberattacks last — a few years, maybe? Now, security pros think in terms of how often will their organization be attacked and at what cost. Or they consider how the difference between legitimate Software-as-a-Service (SaaS) brands and Malware-as-a-Service (MaaS) gangs keeps getting blurrier. MaaS operators provide web-based services, slick UX, tiered subscriptions, newsletters and Telegram channels that keep users…

New Survey Shows Burnout May Lead to Attrition

For many organizations and the cybersecurity industry as a whole, improving retention and reducing the skills gap is a top priority. Mimecast’s The State of Ransomware Readiness 2022: Reducing the Personal and Business Cost points to another growing concern — burnout that leads to attrition. Without skilled employees, organizations cannot protect their data and infrastructure from increasing cybersecurity attacks. According to Mimecast’s report, 77% of cybersecurity leaders say the number of cyberattacks against their company has increased or stayed the…

Alleged FBI Database Breach Exposes Agents and InfraGard

Recently the feds suffered a big hack, not once, but twice. First, the FBI-run InfraGard program suffered a breach. InfraGard aims to strengthen partnerships with the private sector to share information about cyber and physical threats. That organization experienced a major breach in early December, according to a KrebsOnSecurity report. Allegedly, the InfraGard database — containing contact information of over 80,000 members — appeared up for sale on a cyber crime forum. Also, the hackers have reportedly been communicating with…