A growing number of U.S. cities are alerting residents to a widespread phishing scam involving fraudulent text messages about unpaid parking violations. These deceptive messages aim to steal personal and financial information from unsuspecting motorists.
Phishing scam details
The scam involves text messages that appear to be official notices from city parking authorities. The messages claim recipients have unpaid parking invoices and threaten additional daily fines if they are not promptly paid.
BleepingComputer reported that individuals in New York received texts stating: “This is a final reminder from the City of New York regarding the unpaid parking invoice. A $35 daily overdue fee will be charged if payment is not made today.”
These messages include links to fraudulent websites designed to collect sensitive information.
Is your city affected?
Multiple cities have reported such phishing attempts, including Annapolis, Boston, Greenwich, Denver, Detroit, Houston, Milwaukee, Salt Lake City, Charlotte, San Diego, and San Francisco.
The surge in these scams began in December and has continued unabated, prompting city officials to issue warnings to their residents.
Protective measures for motorists
Authorities advise motorists to exercise caution when receiving unsolicited text messages about unpaid parking violations. Try to:
- Verify authenticity: Do not click on links in unsolicited messages. Instead, use official contact information to confirm any outstanding violations and contact the city’s parking authority directly.
- Recognize red flags: Be wary of urgent language, threats of additional fines, or unfamiliar web links, as these are common tactics used by scammers.
- Report suspicious messages: Notify local authorities or consumer protection agencies about potential phishing attempts to help prevent others from falling victim.
Implications for organizations
While these phishing scams currently target individual motorists, organizations should remain vigilant, as similar tactics could be employed against businesses. Companies should:
- Conduct regular training sessions on identifying and handling phishing attempts, emphasizing the importance of not clicking on suspicious links.
- Utilize email and SMS filtering solutions to detect and block phishing messages before they reach employees.
- Create clear procedures for employees to verify the legitimacy of unsolicited communications, especially those requesting sensitive information or payments.
To further fortify your security measures, learn about spear phishing, which targets individuals or specific groups in an organization, and how you can avoid it.
