Scammers are constantly coming up with crafty ways to fool computer users into revealing login credentials and installing malware, with the latest speeding ticket email scam being used for the latter. Emails are being sent to individuals claiming they have been caught driving too fast and are sent a link to click to pay their speeding ticket.

If the targeted individual clicks on the link contained in the spam email they will be directed to a malicious website that will download malware onto their computer.

This particular scam has been used to target drivers in Philadelphia. While the majority of spam emails are sent out randomly in the millions in the hope of fooling some individuals into clicking on malicious links, this particular campaign is anything but random. Individuals are being targeted that are known to have exceed the speed limit.

Not only have the attackers obtained the email addresses of their targets, they have also send details of where the individual exceeded the speed limit. So how is this possible?

This particular speeding ticket email scam is understood to have been made possible by the attackers hacking a Smartphone app that has access to the GPS on the phone. The attackers use location data and the phones GPS to determine which individuals have exceeded the speed limit. They are then sent a speeding ticket scam email telling them to click on a link where they can see details of their vehicle license plate in the location where the infraction took place. They are also informed of the speed limit in that location together with speed that the individual was travelling. The speeding driver is told he or she has 5 days to pay the citation.

While this speeding ticket email scam could easily be used by the attackers to obtain credit card details or phish for other information, it appears to only be used to install malware. Clicking on the link in the email to view license plate details does not actually reveal the image. It silently installs malware.

The police department in Tredyffrin, PA, where drivers were targeted with this speeding ticket email scam, has not cited callers for their speeding violations when they have called to query the fine, even when they have confessed to speeding over the phone.

How to Protect Yourself Against Email Scams

This speeding ticket email scam is particularly convincing as it uses real data to fool users into clicking on the malicious link. Many spam email campaigns now use personal information – such as real names and addresses – to fool targets into opening infected email attachments or clicking on malicious links. This type of targeted spear phishing email is now all too common.

To protect against attacks such as this, there are a number of steps that should be taken.

  1. If contacted by email and asked to click a link, pay a fine, or open an attachment, assume it is a scam. Try to contact the individual or company to confirm, but do not use the contact information in the email. Perform a search on Google to obtain the correct telephone number to call.
  2. Carefully check the sender’s email. Does it look like it is genuine?
  3. Never open email attachments from someone you do not know
  4. If you receive an email offering you a prize or refund, stay safe and delete the email
  5. Ensure that anti-virus software is installed on your computer and is up to date.