The Police Department of Tredyffrin PA announced the discovery of a speeding ticket scam. Victims received emails with the following content:
From: Speeding Citation (firstname.lastname@example.org)
Subject: Notification of excess speed
First Name: Victor
Last Name: Fiorillo
Notification of excess speed
Route: Mill Road
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.
At the bottom of the email was a link that when clicked on loaded malware onto the recipients computer. Why click the link? Because each person receiving the email had indeed been speeding at the place and time indicated on the email.
Here’s how the scammers new: the exploited a vulnerability in smartphones that the GPS enabled. Something people do when using the map feature and directions on their phone. Once the crook knows where your starting your directions from and how long it takes you get to the destination they use that old high school word problem to see how fast you were going.
If Amy and Jim are driving 2983 mile from Boston to to Los Angeles and it takes them 39 hours to get there how fast were they driving?
They then either extract your email address from your phone. The criminals are asking for payment. Instead they are playing the long game by hoping that infecting your computer with Malware will lead to a bigger payoff.
Remember tickets never come via email. They only come through the U.S. Postal Service with a photograph accompanying it. The letter will very often include a link to the photo and citation, but it always comes via U.S. Mail.
As always the best protection is to think before you click, and always err on the side of caution.