[UPDATE] See new information at the bottom of this post.
A phishing scam posing as a speeding ticket email with a malicious link is nothing new. But here's an innovation that should give you pause.
Emails claiming to be from the local police department were sent to a few local residents close to Philadelphia and had something unique.
They contained accurate speeding data, including street names, speed limits, and actual driving speeds, according to the local Police Department.
You'd think that WAZE was hacked.
That's what it would take, a legitimate app with permission to track phone GPS data like WAZE that was hacked, or tailor-made malware that was downloaded to the phone, tricking the user with social engineering and stealing their identity. By using information that you would think only the police could have, people are more likely to click the link and get infected.
Accurate speeding data, but a phishing email.
The link claims it points to a picture of the offending license plate but instead infects the machine with malware. For obvious reasons, a scam like this is hyperlocal but it clearly does show how this type of scam evolves. Remember that citations are never emailed or sent out in the form of an email attachment.
I would send employees, friends and family something like this, feel free to copy/paste/edit:
"Here is a reminder that you need to be alert for fake emails that claim to come from your local police and state that you have a traffic violation you need to pay a fine for. At the moment, there is a local scam in Philadelphia that uses accurate GPS data that must have come from a compromised phone to show that a person was speeding. This scam may spread to the rest of America soon. Remember that citations are never emailed or sent out in the form of an email attachment, and report scams like this to your local police department."
Here is an example with the content of the phishing email:
From: Speeding Citation <Citation@safe-browsing.com>
To: (Accurate Email Removed)
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed
First Name: (Accurate Name removed)
Last Name: (Accurate Name removed)
Notification of excess speed
Route: (Accurate Local Township Road –removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.
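A mail-filter heuristic for this kind of lure, as an added example that is not part of the original post: it parses a message built from the fields quoted above and lists the reasons it resembles an emailed traffic citation. The placeholder recipient, the `.gov` trusted suffix, the keyword lists and the function name are assumptions for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed from the fields quoted in the post; redacted values are placeholders.
SAMPLE = """\
From: Speeding Citation <Citation@safe-browsing.com>
To: recipient@example.com
Subject: [External] Notification of excess speed

Notification of excess speed
Route: (removed)
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.
"""
BENIGN = "From: Alice <alice@example.com>\nSubject: Lunch on Friday\n\nAre you free at noon?\n"

# Assumption: sender domain suffixes your organisation treats as official.
TRUSTED_SUFFIXES = (".gov",)
LURE = re.compile(r"citation|infraction|excess speed|speeding|traffic violation", re.I)
DEADLINE = re.compile(r"must be paid|pay (a|the) fine|in \d+ (working |business )?days", re.I)
SPEEDS = re.compile(r"Speed Limit:\s*(\d+).*?Detected Speed:\s*(\d+)", re.I | re.S)

def citation_lure_reasons(raw):
    """Return the reasons a message looks like an emailed traffic citation."""
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    domain = addr.rpartition("@")[2].lower()
    body = msg.get_payload()
    # Citations are never emailed, so the lure wording alone is the trigger.
    if not LURE.search(f"{name} {msg.get('Subject', '')} {body}"):
        return []
    reasons = ["traffic-citation wording"]
    if not domain.endswith(TRUSTED_SUFFIXES):
        reasons.append(f"sender domain {domain} is not an official one")
    if DEADLINE.search(body):
        reasons.append("payment deadline pressure")
    speeds = SPEEDS.search(body)
    if speeds and int(speeds.group(2)) > int(speeds.group(1)):
        reasons.append("specific speed figures used to add credibility")
    return reasons

if __name__ == "__main__":
    for label, raw in (("sample", SAMPLE), ("benign", BENIGN)):
        print(label, citation_lure_reasons(raw))
```
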
[UPDATE 3/28/2016 - 1:52pm] I was just called by an InfoSec professional who told me that this was his phishing test that escaped into the wild! This person (who shall remain unnamed) did an excellent job tricking some of his employees into believing this was real --including yours truly-- and the phish got out to the local police station who put it up on their website. This sometimes happens. It still is a very good idea to NOT click on any emails you get from any law enforcement agency regarding citations.