The Malware
A very innovative kind of malware has struck and taken people by surprise in the suburbs of Philadelphia. Some residents of the Philadelphia suburb Tredyffrin have reportedly received speeding tickets on email with instructions to pay the fine online. These mails in reality are malware strikes designed and perpetrated by some clever cybercriminals. They want the receivers of these mails to click on the link given below, supposedly for the fine payment and in reality for facilitating the downloading of a malware that could simply hijack the computer itself.
This scam was brought to light by a local business’employee who got a speeding ticket in this manner last week. It was then that the scam was brought to the notice of the police, who have put out an alert on the Tredyffrin Police Department website.
Factually Correct
The most interesting thing about the scam is that the victims of the scam are in fact provided with information that happens to be correct. The scam mail would contain personal details of the user, the actual information of the traffic route and exact information regarding time, speed and location. Moreover incidentally, the receiver of the mail would actually have been speeding and thus could very easily be made to click on the link for paying the fine. So the fake, malware affected email notifications contained information that was factually correct. It’s therefore inferred that the hackers have perhaps made use of some security flaw in some GPS-enabled smartphone app. The Tredyffrin Police Department Website says, “Due to the fact this scam had correct information with respect to speed, time and location, it is highly suspected that a “free mobility or traffic APP” may have been utilized/hacked for this scam”.
Police clarifications
The site also alerts people by stating- “Additionally, please beware that in some cases (besides the financial scams) documented over the past few years nationally, these emails are phishing attempts where opening attached documents place viruses/tracking on your computer.” The Police Department website also makes it clear that such citations are never emailed or sent in the form of an email attachment. Yes, this is real interesting. Tredyffrin doesn’t have speed cameras installed anywhere and fines are imposed only when a speeding driver is caught in the act by a cop.
Sample Mail
This is what the contents of such a fake speeding ticket would look like-
From: Speeding Citation <Citation@safe-browsing.commailto:Citation@safe-browsing.com>
To: (Accurate Email Removed)
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed
First Name: (Accurate Name removed)
Last Name: (Accurate Name removed)
Notification of excess speed
Route: (Accurate Local Township Road –removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.
The Solution
It’s advisable to go for conventional malware protection solutions to combat this and such other scam strikes. The first thing of course would be to install a very effective antivirus software. A real good Internet Security Suite can provide the kind of website security that’s needed to protect systems and networks. Configuring email client for security and arranging to block these kind of mails and senders, especially with the subject ‘[External] Notification of excess speed’. Just remember malware protection works when done on time
Related Resources:
https://antivirus.comodo.com/blog/computer-safety/best-antivirus-of-2019/