Overview
Multiple large-scale phishing campaigns are impersonating state DMVs, courts, and toll agencies, sending fake violation and fee notices via text message and email. The messages threaten legal and financial consequences — bench warrants, license suspension, registration blocks, late fees, and court involvement — to pressure recipients into clicking malicious links.
OpenEFA is actively detecting and quarantining the email variants of these campaigns.
Known Campaign Variants
Victims receive an SMS or email claiming they have unpaid parking violations. Messages threaten bench warrants, license suspension, and registration holds. Links point to fake government domains.
Known domains: govzxq.cam/dmv and similar non-.gov lookalikes
Victims receive an SMS claiming to be from the Nevada DMV about an unpaid toll fee with an immediate payment deadline. The message threatens a 35% late charge, suspended driving rights, registration block, and court involvement.
Example message:
Known domains: nv.zonev[.]buzz/nvmvd — note the .buzz TLD, not a .gov domain
Common Characteristics
Both variants share the same attack pattern:
- Threats of escalation — bench warrants, license suspension, registration blocks, late fees, court involvement
- A link to a fake government website — domains designed to look official at a glance (e.g., govzxq.cam, zonev.buzz) instead of a real .gov domain
- Urgency and pressure — demanding immediate action or payment, often with a deadline within 24 hours
- Vague details — no specific citation number, case number, vehicle information, or violation details
SMS variants have been traced to overseas phone numbers (Philippines +63 country code), a clear indicator that these are not legitimate government communications.
Red Flags to Watch For
- Fake domains — Legitimate government websites use .gov (e.g., dmv.nv.gov). Watch for lookalikes using .cam, .buzz, .top, .xyz, or domains with extra words stuffed in (e.g., govzxq, zonev).
- Foreign phone numbers — US courts and DMVs do not send legal notices from international mobile numbers.
- No specific details — Real citations include case numbers, violation codes, dates, and locations.
- Reply instructions — Messages asking you to "Reply Y" or "Reply A" to resolve a legal matter are always scams. Courts don't operate this way.
- Pressure and threats — Legitimate agencies provide due process timelines, not immediate threats.
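The red flags above can be checked mechanically when triaging a reported message. The helper below is an added example, not OpenEFA's detection logic; the regexes, flag names, both sample messages and both sender numbers are constructed for illustration from the indicators named in this advisory.

```python
import re

# Wording drawn from the lures this advisory describes.
GOV_THEME = re.compile(r"\b(dmv|court|toll|parking|violation|citation|registration)\b", re.I)
URGENCY = re.compile(r"\b(immediate(ly)?|bench warrant|suspen\w+|late (fee|charge)|within \d+ hours?)\b", re.I)
REPLY_TRICK = re.compile(r"\b[Rr]eply\s+[\"']?[A-Z][\"']?(?![A-Za-z])")
# A case/citation reference must contain at least one digit to count as specific.
CASE_REF = re.compile(r"\b(case|citation|ticket)\s*(no\.?|number|#)\s*:?\s*(?=[A-Z0-9-]*\d)[A-Z0-9-]{5,}", re.I)
# Hostname matcher that also accepts defanged "[.]" separators.
HOST = re.compile(r"\b((?:[a-z0-9-]+(?:\[\.\]|\.))+[a-z]{2,})\b", re.I)

def link_hosts(text):
    """Return lower-cased hostnames found in text, refanging '[.]' to '.'."""
    return [m.group(1).replace("[.]", ".").lower() for m in HOST.finditer(text)]

def is_gov(host):
    """True only when the host ends in .gov, not when 'gov' merely appears in a label."""
    return host.endswith(".gov")

def red_flags(body, sender=""):
    """Return the set of advisory red flags a message trips."""
    flags = set()
    themed = bool(GOV_THEME.search(body))
    if themed and any(not is_gov(h) for h in link_hosts(body)):
        flags.add("non_gov_link")
    # +1 is the North American numbering plan; any other prefix is international.
    if sender.startswith("+") and not sender.startswith("+1"):
        flags.add("foreign_sender")
    if themed and not CASE_REF.search(body):
        flags.add("no_specific_details")
    if REPLY_TRICK.search(body):
        flags.add("reply_instruction")
    if URGENCY.search(body):
        flags.add("pressure")
    return flags

# Constructed samples: a lure modelled on the Nevada variant, and a benign notice.
SCAM_SMS = ("Nevada DMV final notice: you have an unpaid toll fee. Pay immediately to avoid "
            "a 35% late charge and suspended driving rights: https://nv.zonev[.]buzz/nvmvd")
SCAM_SENDER = "+630000000000"   # constructed number with the +63 country code
LEGIT_SMS = ("Nevada DMV: registration renewal for case no. NV-2024-118273 "
             "is available at https://dmv.nv.gov")
LEGIT_SENDER = "+17025550100"   # constructed US number

if __name__ == "__main__":
    print(sorted(red_flags(SCAM_SMS, SCAM_SENDER)))
    print(sorted(red_flags(LEGIT_SMS, LEGIT_SENDER)))
```

The flags are heuristics for triage, so a message that trips none of them still warrants independent verification through the official .gov site.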
What You Should Do
- Do not click any links in the message
- Do not reply to the text or email
- Delete the message
- Verify independently — If you're concerned about a real parking ticket, go directly to your state's official .gov website by typing the URL yourself
- Report it — Forward suspicious texts to 7726 (SPAM) and report phishing emails to the FTC at reportfraud.ftc.gov
How OpenEFA Protects You
OpenEFA's email security platform detects and quarantines phishing emails like this using multiple layers of analysis:
- URL Reputation — Identifies fake government domains and newly registered phishing URLs
- NLP Content Analysis — Detects pressure tactics, urgency language, and impersonation patterns
- Domain Authentication — Verifies SPF, DKIM, and DMARC to catch spoofed sender addresses
- Brand Impersonation Detection — Flags emails impersonating government agencies and known brands
- Behavioral Analysis — Recognizes bulk phishing campaign patterns across our protected network
While OpenEFA catches the email side of these attacks, SMS phishing (smishing) bypasses email filters entirely. Awareness is your best defense against text-based scams.
References
- FTC — Report Fraud
- IC3 — FBI Internet Crime Complaint Center
- Forward suspicious texts to 7726 (SPAM)
OpenEFA publishes security advisories when we identify significant phishing campaigns affecting our customers and the broader community.
OpenEFA® is an AI-powered email security platform by Quantum Logic Systems, LLC. Learn more at openefa.com.