After the COVID-19 pandemic hit last year, many states issued emergency declarations allowing driver’s licenses to remain valid past expiration dates. But those extensions mostly have ended, and drivers now need to make sure their licenses are renewed.
Scammers are exploiting that shift, cybersecurity experts say. Driver’s license phishing scams designed to steal people’s identities have been popping up across the U.S., according to state motor vehicle agencies.
Fraudsters send out texts or email messages falsely warning that the target’s license needs to be updated, is missing information or is expiring. If the person clicks the link, it typically opens a Google Forms spreadsheet requesting personal information such as a Social Security number and date of birth.
In New Jersey, the Department of Transportation posted a warning on its Facebook page last month with a screenshot of a bogus text message that claimed the target needed to “validate” his/her driver’s license.
“NJDOT is not involved in driver’s licenses or vehicle registrations. They are handled by the New Jersey Motor Vehicle Commission,” the department wrote. “We will never ask for or need your driver’s license information.”
Earlier in August, New Jersey’s Office of Homeland Security and Preparedness issued its own alert about a similar, email-based phishing effort.
It’s been difficult for some residents to get in-person appointments with the state’s motor vehicles department, so these scams may have played into that backdrop, said Michael Geraghty, New Jersey’s cybersecurity director.
In July, the New Jersey Cybersecurity and Communications Integration Cell, which publicizes and advises state residents on current cybersecurity threats and scams, was warning residents of fraudulent text messages, which if clicked led to a phishing website that mimicked the state’s Motor Vehicle Commission website MyMVC.
“The phishing web pages are created to appear legitimate, using the same logos, fonts, and color scheme as the official MyMVC site,” warned the cybersecurity office. “As these sites are reported and taken down, others are established.”
While New Jersey officials have alerted Google about the scams and gotten it to take down the sites, that won’t necessarily stop the criminals, Geraghty said.
Some entertainment industry hopefuls practically kill themselves to appear on such nationall…
“It doesn’t prevent the same bad actors from opening a new Google account with a fictitious name, creating a form and using software to blast out text messages,” he said.
In typical phishing, scammers email malicious links or attachments and people unwittingly click them. When the scammers operate through texting, the method is called “SMS phishing” or “smishing.”
In the past two months, Iowa, Minnesota, Ohio, Vermont and Wyoming were among the states warning residents about the scams.
In Illinois, thousands of people have received texts and emails in which scammers pose as the secretary of state or as officials from the state department of transportation, said David Druker, a spokesperson for the Illinois secretary of state’s office, which issues driver’s licenses.
After learning about the phishing and smishing, Illinois officials alerted the FBI and IRS, which have worked with Google to take down the sham webpages. So far, the agencies have identified 1,035 sites and Google has shut down nearly 900 of them, Druker said.
OCEAN CITY — Andrew Gallagher had wanted a Onewheel since the first time he’d heard of them.
“It’s really despicable,” said Druker. “It’s just outrageous that when the country is going through the COVID crisis, people are taking the time and energy to steal information from others.”
Scams in some states have played off Real ID, a secure government-issued driver’s license or identification card that the U.S. Department of Homeland Security will soon be requiring for air travel or access to government-restricted areas. The federal government has extended the deadline for states to issue Real IDs from Oct. 1, 2021, to May 3, 2023, because of the pandemic.
In New York, the Department of Motor Vehicles alerted residents to a text scam that asks them to update their mailing address and contact information for “expedited compliance” with new Real ID regulations.
The agency posts a running list of examples of the many phishing ruses in which scammers pretend to be the DMV. The texts and emails often include DMV logos, images and content copied from the department’s website or from another state government agency.
Fraudsters love to create a sense of urgency when trying to hook victims, cybersecurity experts say.
ATLANTIC CITY — Stephen Head was frustrated. Frustrated with politicians who were resistant …
Driver’s license phishing texts and emails play into that strategy and have become the “scam du jour,” said Alex Hamerstone, risk management director at TrustedSec, a cybersecurity consulting company based near Cleveland.
“It’s very topical. A lot of states extended driver’s license expiration dates because of COVID. It feels real and looks like it comes from the DMV,” Hamerstone said. “It’s a perfect scam storm.”
Press staff contributed to this report.