A phishing campaign targeting users of Punjab Driving License Issuance Management System (DLMIS) has been identified during ongoing threat intelligence monitoring of phishing infrastructure aimed at Pakistani users. The campaign impersonates the official DLMIS platform and uses a fake driving license application website to collect sensitive user information. The fraudulent website closely resembles the legitimate registration process, making it difficult for unsuspecting users to distinguish it from the official portal. Cybersecurity researchers have warned that the operation is designed to harvest personal information that could later be used for identity fraud, social engineering, and additional phishing activities.
According to the threat intelligence findings, the legitimate Punjab DLMIS portal remains separate from the phishing infrastructure established by the attackers. The phishing operation uses the domain dlimsapply.online, which imitates the official registration workflow and redirects users to a credential harvesting endpoint where personal information is requested. Initial observations indicate that the fake portal attempts to collect multiple forms of Personally Identifiable Information (PII), including identity and contact details submitted by users during what appears to be a driving license application process. By replicating the appearance and functionality of the genuine service, the attackers attempt to gain the trust of individuals who believe they are interacting with the official government platform. Such campaigns often rely on convincing website layouts and familiar branding to increase the likelihood that users will voluntarily provide confidential information without realizing they are using a fraudulent website.
Researchers also observed that the phishing website is actively promoted through sponsored advertisements on Facebook, increasing the campaign’s visibility and giving it an appearance of legitimacy. Users who click the “Apply Now” advertisement are redirected directly to the phishing registration page, where they are encouraged to enter their personal details. The use of paid advertising allows threat actors to reach a wider audience while making the fake website appear more credible. Analysis of the infrastructure indicates that the phishing domain is registered through HOSTINGER Operations, UAB, reflecting a pattern commonly seen in low cost phishing campaigns targeting regional government services. Security researchers noted that recently registered domains hosted on inexpensive infrastructure are frequently used in similar credential harvesting operations because they can be deployed quickly and replaced with minimal cost if detected. The initial indicators of compromise identified for the campaign include the phishing domain dlimsapply.online and its associated credential harvesting URL.
The findings have been shared with PKCERT Pakistan, Punjab Information Technology Board (PITB), Government of Punjab, and cybersecurity professional Haider Abbas for awareness and response. The discovery highlights the continued use of phishing websites to exploit public trust in government digital services and emphasizes the importance of verifying website addresses before submitting personal information online. Users seeking driving license related services are advised to ensure they are accessing only the official Punjab DLMIS portal and to remain cautious of advertisements or unsolicited links that redirect to similar looking websites. Identifying suspicious domains, monitoring phishing infrastructure, and reporting fraudulent websites remain important measures in limiting the impact of credential harvesting campaigns targeting Pakistani internet users.
Follow the SPIN IDG WhatsApp Channel for updates across the Smart Pakistan Insights Network covering all of Pakistan’s technology ecosystem.