Multiple U.S. states including California, Florida, Georgia, New Jersey, New York, Pennsylvania, and Texas had their respective Departments of Motor Vehicles spoofed as part of a suspected Chinese phishing campaign discovered last month, according to Hackread.
The attacks distributed fake text warnings of license suspensions or unpaid toll violations, with links redirecting to a bogus state DMV website where targets were asked to provide their personal information along with a $7 payment, a report from Check Point Research revealed. Aside from having domain names patterned after legitimate DMVs, most of the fake sites shared the same IP address. All sites were observed to load identical CSS, JavaScript, and image files, suggesting centralized development, noted researchers, who linked the malicious activity to a China-based attacker after discovering name servers from Chinese provider alidns[.]com and Chinese-language source code comments. Analysis of the campaign's phishing toolkit also showed a resemblance to the Smishing Triad's Lighthouse toolkit, researchers added.