US cities are sounding alarms over a surge in phishing text messages impersonating parking violation departments. These deceptive texts claim recipients have unpaid parking invoices and threaten additional daily fines if ignored.
Details of the Phishing Campaign
The ongoing mobile phishing campaign has targeted numerous cities across the United States, including:
- Annapolis
- Boston
- Denver
- Detroit
- Houston
- San Diego
- Greenwich
- Milwaukee
- Salt Lake City
- Charlotte
- San Francisco
The campaign has persisted since December, with many residents receiving alarming messages. A recent example sent to New York City residents stated:
“This is a final reminder from the City of New York regarding the unpaid parking invoice. A $35 daily overdue fee will be charged if payment is not made today.”
This message instructs recipients to click a link for payment, leading to a fraudulent site designed to harvest personal information.
Phishing text and landing page
Source: BleepingComputer
Scammers’ Using Phishing Texts Directing to Fake Sites
Scammers employ an open redirect technique using Google.com. This method tricks users into believing they are being directed to a legitimate site. For instance, the phishing site for New York City is nycparkclient[.]com. This tactic circumvents certain security features, as Apple’s iMessage does not disable links from trusted domains like Google.
When users click the link, they are taken to a fake site mimicking the “NYC Department of Finance: Parking and Camera Violations.” Here, they are prompted to input their name and zip code to proceed. The site then displays a message such as:
“Your vehicle has an unpaid parking invoice in City of New York. To avoid late fees of $35, please settle your balance promptly.”
Notably, the dollar sign appears after the amount, a clear indicator of the scam’s non-US origins.
Risks of Personal Data Theft
Clicking on the “Proceed Now” button leads to a page where scammers attempt to collect sensitive data, including names, addresses, and credit card information. This information can facilitate identity theft, financial fraud, and further phishing attacks.
Precautionary Measures
Authorities recommend that individuals receiving unexpected texts from unknown numbers:
- Report and block the number.
- Avoid clicking on links in suspicious messages.
This wave of phishing texts serves as a stark reminder of the evolving landscape of cyber threats, particularly in the realm of mobile communications.
As cities grapple with this phishing crisis, residents are urged to remain vigilant. Recognizing signs of phishing can help protect personal information and mitigate risks associated with these fraudulent schemes.
Helpful Reads:
