Over the past several weeks, thousands of domains have been registered to impersonate nearly all US states. The domains are, or will be, used in yet another toll and motor vehicle SMiShing campaign. The hostnames aimed at NJ residents start with "nj[.]gov-" or "nj[.]org-" and end with "[.]bond." The webpages deployed in these schemes use stolen branding and mimic the official MVC website. While the webpage displays "Welcome to NJMVC.GOV," the actual URL ends in a .help top-level domain (TLD). Very similar campaigns circulated in early 2025 and 2026. Texts may claim there is an unpaid toll, threaten late fees, and direct recipients to fraudulent webpages. The NJCCIC report, " SMiShing at Scale: A Deep Dive into Toll Violation Text Scams," provides more details on these threats. The NJ MVC only sends text messages to remind residents about scheduled MVC appointments. It does not send texts regarding outstanding toll payments.
Recommendations
- Avoid clicking links, responding to, or acting on unsolicited text messages.
- Confirm requests from senders via contact information obtained from verified and official sources.
- Check your toll service's account by manually typing the official website URL into the browser.
- Report SMiShing to the NJCCIC, FTC, and FBI's IC3, and forward the message to 7726 (SPAM).
