While parking scams have been around for years, a massive wave of phishing text messages has caused numerous cities throughout the US to issue warnings, including from Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, San Francisco, and many others. In the New York City phishing campaign, clicking on the link brings you to a website pretending to be "NYC Department of Finance: Parking and Camera Violations," which will prompt you to enter your name and zip code. US cities are warning of an ongoing mobile phishing campaign pretending to be texts from the city's parking violation departments about unpaid parking invoices, that if unpaid, will incur an additional $35 fine per day. The text message received by BleepingComputer claims to be from the City of New York about an unpaid parking invoice, which would incur a daily $35 fine if not paid. At this point, you can enter any name and zip code and will be brought to a page stating, "Your vehicle has an unpaid parking invoice in City of New York. This same phishing template is used in texts about unpaid parking invoices from other cities seen by BleepingComputer. Clicking on the "Proceed Now" button brings you to the screen where the threat actors attempt to steal your data, including your name, address, phone number, email address, and, eventually, your credit card information. As a general rule, if you receive a text from an unknown phone number or email address that is an out-of-the-blue greeting or asks you to click a link, pay a bill, or respond in some manner, you should report and block the number instead. As Google.com is a trusted domain, Apple iMessage does not disable the link, so using the company's open redirect makes it easier to trick unsuspecting users into clicking on the link by mistake. This information can then be used for a wide variety of malicous activity, including further phishing attacks, identity theft, financial fraud, and the sale of your data to other threat actors. The current wave of texts started last December and has continued since, with BleepingComputer receiving a text targeting New York residents earlier this week. "This is a final reminder from the City of New York regarding the unpaid parking invoice. To circumvent this, the scammers use an open redirect on Google.com to redirect users to a phishing site named after the city it is impersonating.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Sun, 09 Mar 2025 17:20:11 +0000