.png)
Although many of us have learned how to recognize scams, bad actors remain persistent and continue to send various fraudulent messages to our devices. Most of the time, they don’t care if the scam attempts are obvious or sophisticated, their main intention is to fatigue you to the point of becoming flustered and making a rushed decision to trick you. Some scams are isolated incidents, some are nationally present happening to your friends, family and coworkers.
Over the weekend, I received a text message on my personal cell phone from a ‘First Name-Last Name-###@RandomOrganization.org’.
The first thing I noticed right away was how detailed, long, and grammatically formatted the text was upon viewing. Usually, a lot of scam messages feel urgent. They’re trying to create an emotional response, utilizing that heightened state to influence victims to their CTA of malicious links. Mimicking an automated promotional SMS message businesses provide for their patrons that sign up to receive a discount. Seeing the message’s length, it is possible it can come off as legit before reading the contents within.
The second factor I noticed was the message coming from a random organization, stated within the message that they were from the Massachusetts Department of Motor Vehicles (DMV). These two did not match and that was my first indicator that this was a smishing attempt using the DMV to take aback trick anyone receiving the message. While I may have known the first indicators as someone new to cybersecurity but practices good cybersecurity hygiene, let’s continue the remaining text to dissect how to further identify this smishing attempt.
Structural Study of the Smishing Attempt
Impersonation: Mentioned above, the message came from a random organization email, however the impersonation appears to be from the Massachusetts Department of Motor Vehicles. Smishing emails will impersonate being from higher authoritative everyday figures such as law enforcement, government agencies, and delivery services, banks and other trusted sources.
Creating a Scenario: The situation present in the smishing attempt is about an unpaid traffic violation “Pursuant to Section 15C-16,003 of the Massachusetts State Administrative Code” claiming that I was a part of a traffic violation that <spoiler alert> did not happen. However, this was their attempt to create a sense of urgency that something that must be done now.
With the sense of urgency, they provided a list of ‘consequences’ of what would happen if they did not have the information they were looking for by June 16th. They also sent it a day before it was “due” which is another typical tactic bad actors use in their smishing attempts.
The consequences they listed:
1. Report to the DMV violation database
2. Suspend your vehicle registration starting June 17th
- Suspend driving privileges for 30 days
- Transfer to a toll booth and charge a 35% service fee
The Hook and Deception:
A provided Call to Action (CTA) link that impersonated a mass.gov- payment link, but I certainly was not going to click and find out! With the CTA they used buzzwords such as ‘Pay Immediately, ‘to avoid’ ‘legal consequences and ‘enforcement’
Would the DMV Actually Message You VIA Text?
In some cases, the DMV can contact you by text! However, they will only ever contact you in circumstances where you have initiated reaching out to them to follow up on a request or confirm/cancel an appointment. In cases like mine, this is an unsolicited text message where I did not reach out to them, and they were threatening me with false legal action if no action is taken.How to Avoid DMV Text Scams
Our Ekaru team strongly recommends anyone that comes across a smishing text to:1. Ignore all texts claiming to be from the DMV especially if you have reached out to them prior. If you did reach out to them, take these messages with significant caution.
2. As mentioned earlier, look out for any potential red flags you notice throughout the contents of the message such as a strong CTA, not referencing you by name, immediate language used with time to response between 24-48 hours.
3. Never ever click the links on text messages. If you come across a link, ignore, do not open it!
4. Do not send over any sensitive information through text messages. It’s important to note the DMV or other government agencies will never ask you for personal information through text and email.
5. If you want to click the link, ensure the URL is a legit source as fake websites can trick victims to releasing personal information into the wrong hands.
6. Once you have confirmed that it is indeed a smishing scam, delete and report the message.
Source: https://www.aura.com/learn/dmv-text-scam
Bottom Line
Scammers are ruthless in their attempts to steal your personal information for their financial gain. Our Ekaru team helps your team and business by staying up to date with the latest cybersecurity scams that can affect you, your loved ones, hey, we even get the same exact phishing attempts everyone else does even while we protect and work in cybersecurity.
Ekaru can ensure you and your business have the proper cybersecurity measures and knowledge through our cybersecurity training program that will ensure you are making the correct decision on your business devices and even your personal devices in a landscape where malicious folks want to exploit your information for financial gain.
Thinking about how to better implement cybersecurity measures for you and your team? Reach out to our Ekaru team and we will work with you on a budget that focuses on all your needs and provides you with the most recent cybersecurity awareness training.