DMV Phishing Alert, FTSE Spoofing Risk, Victoria’s Secret Breached

The support tickets we get after a spoofing incident all start the same way: ‘we didn’t know someone was sending email from our domain,’ says Vasile Diaconu, Operations Lead at DuoCircle. DMARC reporting would have caught it weeks earlier. The cost of monitoring is nothing compared to the cost of a successful impersonation attack.

_According to the FBI’s 2022 Internet Crime Report (IC3), 300,497 US-based victims reported phishing incidents in a single year, and Business Email Compromise (BEC) caused more than $2.7 billion in direct losses. DMARC Report

DMV Phishing Alert, FTSE Spoofing Risk, Victoria’s Secret Breached

					<button title="Play" aria-label="Play Episode" aria-pressed="false" class="play-btn">
						

Play Episode

					</button>
					<button title="Pause" aria-label="Pause Episode" aria-pressed="false" class="pause-btn hide">
						

Pause Episode

					</button>
					


				

				

					<audio preload="none" class="clip clip-26111">
						<source src="https://media.mailhop.org/dmarcreport/images/2025/06/DMV-Phishing-Alert-FTSE-Spoofing-Risk-Victorias-Secret-Breached.mp3">
					</audio>
					

						

					

					

						

							<button class="player-btn player-btn__volume" title="Mute/Unmute">
								

Mute/Unmute Episode

							</button>
							<button data-skip="-10" class="player-btn player-btn__rwd" title="Rewind 10 seconds">
								

Rewind 10 Seconds

							</button>
							<button data-speed="1" class="player-btn player-btn__speed" title="Playback Speed" aria-label="Playback Speed">1x</button>
							<button data-skip="30" class="player-btn player-btn__fwd" title="Fast Forward 30 seconds">
								

Fast Forward 30 seconds

							</button>
						

						

							<time class="ssp-timer">00:00</time>
							

/

							<!-- We need actual duration here from the server -->
							<time class="ssp-duration" datetime="PT0H2M12S">2:12</time>
						

					

				

			

								<nav class="player-panels-nav">
												<button class="subscribe-btn" id="subscribe-btn-26111" title="Subscribe">Subscribe</button>
																		<button class="share-btn" id="share-btn-26111" title="Share">Share</button>
										</nav>
						

	



		

						

				

					

					

				

				

					

																																																																								

					

						

RSS Feed

							<input value="https://dmarcreport.com/feed/podcast/dmarc-report" class="input-rss input-rss-26111" title="RSS Feed URL" readonly />
						

						<button class="copy-rss copy-rss-26111" title="Copy RSS Feed URL" aria-label="Copy RSS Feed URL"></button>
					

				

			

									

				

					

					

				

				

					

						Share						

					

						<a href="https://www.facebook.com/sharer/sharer.php?u=https://dmarcreport.com/blog/podcast/dmv-phishing-alert-ftse-spoofing-risk-victorias-secret-breached/&t=DMV Phishing Alert, FTSE Spoofing Risk, Victoria’s Secret Breached" target="blank" rel="noopener noreferrer" class="share-icon facebook" title="Share on Facebook">
							

						</a>
						<a href="https://twitter.com/intent/tweet?text=https://dmarcreport.com/blog/podcast/dmv-phishing-alert-ftse-spoofing-risk-victorias-secret-breached/&url=DMV Phishing Alert, FTSE Spoofing Risk, Victoria’s Secret Breached" target="blank" rel="noopener noreferrer" class="share-icon twitter" title="Share on Twitter">
							

						</a>
						<a href="https://media.mailhop.org/dmarcreport/images/2025/06/DMV-Phishing-Alert-FTSE-Spoofing-Risk-Victorias-Secret-Breached.mp3" target="blank" rel="noopener noreferrer" class="share-icon download" title="Download" download>
							

						</a>
					

				

				

					

						Link						

					

						<input value="https://dmarcreport.com/blog/podcast/dmv-phishing-alert-ftse-spoofing-risk-victorias-secret-breached/" class="input-link input-link-26111" title="Episode URL" readonly />
					

					<button class="copy-link copy-link-26111" title="Copy Episode URL" aria-label="Copy Episode URL" readonly=""></button>
				

				

					

						Embed						

					

/*! This file is auto-generated */ ’ title=“Embed Code” class=“input-embed input-embed-26111” readonly/>

					<button class="copy-embed copy-embed-26111" title="Copy Embed Code" aria-label="Copy Embed Code"></button>
				

			

				

Hey, it’s June already! Hope you guys are able to hold up against the cybercrooks, tall and strong.

We are back with our weekly dose of the latest cyber news. This week, we will inform you about the ongoing DMV phishing scam in the US. Next, we will focus on email spoofing attacks being a constant threat hovering over **FTSE 100 companies despite having a simple fix already available. Lastly, we will dig deeper into Victoria’s Secret’s recent encounter with a threat attack incident.

Let’s begin with this week’s cyber bulletin.

DMV phishing scam targeting smartphone users in the US

A new phishing scam is doing the rounds in the US. Threat actors are sending phishing text messages to drivers in an attempt to gain access to their personal data and financial information. DMVs, or Departments of Motor Vehicles, have reported the latest phishing texts across three states: California, New York, and Florida.

The malicious messages threaten drivers with unpaid fees, traffic rule violations, hefty penalties, driving license suspension, and additional fines. The truth is that these messages are totally fake and have not been shared by any official entity. Cybercriminals are leveraging a notorious phishing scam tactic called smishing, or SMS phishing, to make quick money.

Earlier this year, some threat actors sent phishing texts warning drivers about unpaid toll fines. At that time, both the Federal Trade Commission and the **FBI jumped into action and actively warned the message recipients against those cyberattack attempts.

The intensity of this scam can be gauged from the fact that in April alone, Americans received as many as 19.2 billion automated phishing texts. Such scam texts not only create a sense of nuisance for the recipients but also result in actual financial loss. All it takes is a naive and unsuspecting driver to click on a malicious link and WHAM! There goes all their personal data to the cybercrook! Last year, the cost of cyber fraud for Americans was a staggering $12 billion.

Experts recommend **registering your phone number with the National Do Not Call Registry. Also, it is better to avoid clicking on any unknown or suspicious links. Being skeptical can be a smart move in this current scenario.

FTSE 100 companies are prone to email spoofing attacks despite having an easy fix available already

As per a recent report, one-third of FTSE 100 companies are prone to email spoofing attacks. They tend to stay **highly vulnerable despite the easy availability of DMARC (Domain-based Message Authentication, Reporting and Conformance) tools. DMARC is one of the most successful email authentication protocols, which helps domain owners safeguard their domain reputation, email deliverability, and client experience by monitoring the legitimacy of emails sent on their behalf.

The lack of DMARC deployment can severely hamper the cybersecurity mechanisms of these FTSE 100 companies. Approximately 30% of those who have already deployed **DMARC tools are experiencing issues with misconfiguration. As a result, threat actors can easily carry out email-based cyberattacks targeting employees working in a specific company. They can also impersonate a legitimate company and try to target the customers.

Victoria’s Secret delays Q1 financial results declaration, grappling with cyberattack!

Women’s favorite, Victoria’s Secret, experienced a cyberattack last week. Due to this incident, the brand has decided to delay the declaration of its financial results for the Q1 2025 period.

They are planning to announce a new date for the earnings release and the earnings call webcast. This delay occurred because the investigation is still underway , and they are trying to understand the scope of the impact.

In a press release, **Victoria’s Secret has confirmed that the threat attack has not affected their Q1 financial results. However, due to the cyberattack, employees were unable to access certain systems._ As a result, Victoria’s Secret is unable to share its financial results currently_.

For context, Victoria’s Secret was forced to shut down its e-commerce website and corporate systems on May 26 because of an unfortunate and abrupt cyber incident. To keep the stakeholders updated, they shared a short and clear message on their website that they were taking adequate measures to address a specific security incident. Victoria’s Secret is working with third-party cyber experts to minimize the impact of the cyberattack and also nab the real culprits. The FAQ page mentioned that Victoria’s Secret was still unsure about the **exact date and time when the site would be live again.

Much to the relief of its ardent fans and loyal customers, they managed to restore the website on May 29**. However, restoring full access will take more time.