The website uses official NJ MVC logos and branding to collect personally identifiable information (PII) and financial information. Threat actors behind this campaign are also attempting to steal multiple payment methods. A user reported that after submitting their payment information, the website returned an error message stating that the card was not accepted. After entering a secondary card, the website indicated that it could not accept payments from that financial institution.
Recommendations
- Avoid clicking links, responding to, or acting on unsolicited text messages.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Type official website URLs into browsers manually.
- Users who submitted payment information to these webpages are advised to contact their banking institutions to report the fraudulent purchases.
- Report SMiShing to the NJCCIC, the FBI's IC3, and forward the message to 7726 (SPAM).
