Received a strange parking fine in your inbox this morning?
You’re not the only one.
A bizarre scam which tells victims they been fined anything from $1.04 to upwards of $100 is hitting email inboxes en masse today.
The unbranded email has a randomly-generated ticket number and fine amount.
It tells people to click a link to view their ticket. However the link triggers a malware downloader housed in a .zip file. This enables those behind the scheme to download further malware – it might be anything from ransomware to key-logging spyware.
The message comes from various senders – all addresses likely to have been compromised in previous hacks. The subject line – ‘Parking bill’ another indicator that the mail is suspicious, and the blunt terminology – ‘Pay your parking ticket’ and lack of branding is further confirmation.
In an unusual move the emails are being distributed in huge numbers in alphabetical order, meaning domains or company names beginning with ‘A’ were the first to be hit.
This is likely due to a mistake by the perpetrators, who usually attempt to randomise delivery order in an effort to evade detection by antivirus software.
While MailGuard detected and blocked the link this morning, antivirus product aggregator VirusTotal shows none of 64 well-known antivirus vendors have flagged the link as suspicious.
The unsophisticated scam mirrors a similar fake driving infringement notice scam detected by MailGuard in November.
Similar in approach, both emails rely on the curiosity of victims for success.
Protect yourself from malicious downloads
To reduce the risk of being tricked by one of these scams, you should treat with suspicion emails that:
- Come from an unknown or unexpected sender
- Ask you to open or download files that you were not expecting
- Ask you to click on a link to access their website. If unsure call the company/person directly and ask whether the email is legitimate
Another easy way to check potentially-suspicious emails is to hover your mouse over the sender’s address and the suspicious link. This will reveal more about the real sending domain and link destination.
More about malware
Malware is designed to disrupt, damage or gain control of a computer system or data.
It can reformat your hard drive, alter, delete or encrypt files, steal sensitive information, send unauthorised emails, or take control of your computer and all of the software on it.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
Want to hear more from MailGuard? Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
