Scamming - Public Service Announcement

A text arrived on my phone this morning. Final Warning. Today’s date. Massachusetts Department of Transportation. License suspension if I don’t pay by end of day. A code citation. Five escalating consequences. A payment link. A clever instruction at the bottom, reply “Y” and reopen the message to activate the link.

Every element is engineered. None of it is real.

Massachusetts has no “Centralized Violation Registry.” There is no Administrative Code 15C-16.003. The RMV does not text residents about unpaid tolls, and EZDriveMA, which actually handles tolls, does not suspend driver’s licenses by SMS. The deadline is today because urgency suppresses verification. The threats stack because fear scales compliance. The 35% processing fee is invented. The judicial language is theater.

The domain is the tell anyone can read. Real Massachusetts government addresses end in mass.gov (most do). This one points to mass.due-ticevmj.com , a randomized subdomain on a throwaway parent built to be registered, used, and burned within days.

The “reply Y to activate the link” instruction is the most sophisticated piece. iMessage suppresses hyperlinks from unknown senders by default, Apple built that protection in. Replying turns the sender into a known contact, which reactivates the link. The scam ships with its own bypass for the mitigation.

This is not a lone fraudster with a burner phone. It is industrialized smishing, phishing-as-a-service kits run at scale, tied to organized groups the FBI has tracked across DMV, USPS, toll authority, and IRS impersonation lures. Much of the infrastructure traces to a China-based collective known as the Smishing Triad, operators who rotate domains daily and lease kits to affiliates worldwide. The same template hits every state right now with the agency name swapped.

If you click, your card and personal data hit a resale database within hours. Small charges come first, a few dollars at a digital storefront to confirm the card is live. Then it feeds gift card laundering or synthetic identity stacks used to open new credit lines in your name. By the time fraud hits the statement, the site is offline and the data has moved through three intermediaries.

If you receive one, do not click. Do not reply Y. Do not reply at all. Forward the message to 7726 (SPAM) and delete it. If you genuinely think you might owe a toll, go directly to mass.gov or ezdrivema.com (or ur states equivalent), type it yourself.

Tell your parents. Tell your employees. The people most likely to lose money on this are not the ones reading LinkedIn posts about it. Forward this to someone who needs it.

Remember, the reason they still do these is people fall for it, so don’t assume the people in ur life know it’s a scam- especially ur parents. 

My good deed for the day:)