Cyber Criminals Targeting Australians Again With Fake AFP Infringement Email Scam

Posted by MailGuard Editor on 02 July 2015 23:29:00 AEST

Warning: International cyber criminals are targeting Australians again by recycling their fake ‘Australian Federal Police (AFP) infringement scam’ campaign.

Cyber criminals are holding victims’ data to ransom by tricking email recipients into downloading ransomware.

This campaign is almost identical to their previous attempts, in terms of the execution method.

Here is a sample of the email scam purporting to be from the AFP:


A huge warning sign for email recipients is the poor language used, such as:

‘You have recently been given with a drive violation’
‘…check out the intrusion information’
‘payment need to be done within just 12 days…’

It's the usual 'click here to view your traffic infringement' email, which then directs recipients to a fake AFP landing page. The website appears to be almost identical to the legitimate AFP site.

See images below showing the actions required in order to ‘download’ the supposed infringement notice. By following through, recipients are actually downloading a .zip file containing the now common Cryptolocker ransomware.

MailGuard AFP Email Scam July 1_Landing Page 1 Screenshot

Criminals will follow through by locking down the victim’s files and demanding a ransom in order to decrypt the data.

Please warn all email users to be aware of this recent run of fake AFP Infringement emails, and be sure to educate team members on the typical warning signs:

1. The Australian Federal Police never send out traffic infringement notices via email
2. Always check the URL of the landing page you have been directed to, and you will notice (even in this example) it is not the correct domain of the purported organisation
3. Poor language in emails should be a warning to recipients that the email could be a scam
4. Never click links within an email that seems suspicious, and if in doubt check with your IT support team
5. If you are expecting an email from a legitimate company such as a bank or government organisation, go directly to the website through your browser and never click links from within an email.

MailGuard is at the forefront of finding and successfully blocking these types of fastbreak email scams containing malware or links to download malware. You can read more, as reported by the Australian Reseller News (ARN):
MailGuard Discovers Zero-Day Cryptor Variant Vulnerability
New Cryptolocker Variant Discovered Targeting Australians

^ Back to Top

Topics: Spam Industry News Email Cryptolocker Hacking Phishing Email Security

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all