DMV-Themed Phishing Campaign Hits Thousands US Citizens

In 2025, a highly coordinated phishing campaign targeted U.S. citizens by impersonating state Departments of Motor Vehicles (DMVs) through SMS phishing, or smishing, using spoofed local numbers and alarming messages about fictitious unpaid toll violations. Victims were directed to counterfeit DMV websites designed to collect personal and financial information under the pretense of paying small fines, with technical analysis linking the campaign to a China-based threat actor utilizing a centralized phishing kit named 'Lighthouse.' The attack infrastructure included consistent domain naming conventions, reused frontend assets, and hosting patterns involving Chinese servers, highlighting a sophisticated, service-based phishing operation. Cybersecurity experts emphasize advanced detection and prevention strategies such as multi-factor authentication, AI and machine learning-based detection, URL filtering, and DMARC authentication to combat evolving phishing threats. Additionally, China’s Ministry of State Security has warned of phishing emails containing Trojan programs sent by foreign spies aimed at Chinese military and research institutions, demonstrating the global scope and increasing complexity of phishing attacks. These developments underline the critical need for heightened awareness and robust cybersecurity defenses against phishing campaigns targeting both individual and organizational victims.