Recently, many citizens in New York City have received a text message from “New York CityPay” stating, “Our records show that you have an unpaid parking fee of $2.5, which will turn into $25 if not paid promptly.” The message includes a website link ending in .com. However, the official CityPay website uses .gov, not .com. Residents of New York City can pay vehicle fines and property taxes through the official city government website, and check their actual CityPay account balance.
In response to the new parking fee scam, Brooklyn District Attorney Eric Gonzalez and New York City Mayor Eric Adams announced on the 5th that Brooklyn’s Virtual Currency Division had shut down 11 internet domains related to phishing scams.
Gonzalez stated that this week his office became aware of the scheme after a detective received a text message demanding $2.5 to settle an unpaid parking fee or toll balance, along with a link. Additionally, the cybercrime unit received dozens of complaints describing similar text messages. This scam is a type of phishing fraud that seeks to obtain users’ personal information through text messages and websites, often starting with a seemingly legitimate text.
Investigations revealed that when users clicked on the link, they were directed to a seemingly official website claiming to be “NYC Citypay,” where they were asked to provide their name, date of birth, driver’s license number, and credit or debit card information. This information could later be sold on the dark web for identity theft, opening credit card accounts, and other illicit activities.
District Attorney Gonzalez remarked, “Our Virtual Currency Division quickly took action to allow us to dismantle 11 domain names that were defrauding New Yorkers using seemingly legitimate websites. People should remain highly suspicious of any text or email that demands money or personal information, and refrain from clicking on links without understanding the sender. Education and prevention remain the best defense even as we continue to shut down these fraudulent websites.”
Mayor Adams added, “When bad actors attempt to exploit unsuspecting New Yorkers, the government will not stand idly by. Upon learning of this scam, we immediately remind New Yorkers that the Department of Finance and the New York City government will never request payment via text. We will continue to ensure that New Yorkers are promptly informed of the situation.”
After initiating an investigation within 24 hours, the prosecutor’s office identified 11 domain names associated with the scam and, under court orders, took them offline. The deleted domain names include: nycitypay.com, newyorktollbymail.com, tollsnewyorkbymail.com, tollwebmail518ny.com, nytoll585.com, nyaccounttoll.com, mailny8291.com, nytollbymail.com, nytolls2229.com, nybymail.com, ny1ezpassexpress.com, newyorktollbymail.com.
Individuals who replied to the text message and entered their information should freeze the accounts used to make small payments, activate credit card freezes, inform their banks and credit card providers, and closely monitor their financial activities for any unusual transactions in the coming months.
The investigation of this case was overseen by Assistant District Attorney and Virtual Currency Division Chief Alona Katz, with assistance from Virtual Currency Analyst Sam Weaver and a senior investigative officer.