It is the responsibility of the Australian Federal Police (AFP) to protect us from crime. How ironic that in the latest fastbreak Cryptolocker email scam, cyber criminals have adopted the identity of the AFP and are using it to trick unsuspecting recipients into paying them money.
The AFP have released a statement advising the public to delete this fake email immediately.
This scam appears as a traffic infringement notice from the AFP which demands payment. To view the fake traffic infringement, recipients are asked to click the link contained within the email.
If you hover over the ‘see your traffic infringement’ link, you will see that the URL is not that of the legitimate AFP website, http://www.afp.gov.au/. The mail client shows the link text the scammer chose, but the destination is wherever the underlying href points.
The cyber criminals behind this scam are sending recipients to a variety of websites. Some samples include:
http://aluway.biz/system/logs/<REDACTED>.php
http://marbledesign.in/system/logs/<REDACTED>.php
http://oka-dentalshop.com/system/logs/<REDACTED>.php
http://deklie.net/system/logs/<REDACTED>.php
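The hover check described above can be automated for every link in a suspicious message. The Python below is an added example and is not MailGuard's or the AFP's code: it extracts each anchor from an HTML email body, treats only afp.gov.au and its subdomains as legitimate, flags links to any other host, and additionally flags any path shaped like the campaign's /system/logs/<name>.php lures. The sample email body is constructed for this example, and the domain lure.example is a placeholder, not a real scam site. The trusted-domain set is a parameter, so the same check works for any impersonated organisation.

```python
"""Flag links in an HTML email whose destination is not the organisation's
real domain.  Added example; the SAMPLE email below is constructed and the
lure.example domain is a placeholder, not a real scam site."""
from html.parser import HTMLParser
from urllib.parse import urlparse

# Only legitimate AFP domain named in the post; subdomains (www.) are accepted.
TRUSTED_DOMAINS = {"afp.gov.au"}
# Path shape shared by the campaign's lure URLs: /system/logs/<something>.php
SUSPICIOUS_PATH_PREFIX = "/system/logs/"


class LinkExtractor(HTMLParser):
    """Collect (visible anchor text, href) pairs from an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href", "")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None


def extract_links(html):
    parser = LinkExtractor()
    parser.feed(html)
    parser.close()
    return parser.links


def host_is_trusted(host, trusted=TRUSTED_DOMAINS):
    """True only if host IS a trusted domain or ends with '.<trusted domain>'.
    A look-alike such as afp.gov.au.lure.example fails this test because the
    trusted name is not its suffix."""
    host = host.lower().rstrip(".")
    return any(host == d or host.endswith("." + d) for d in trusted)


def flag_links(html, trusted=TRUSTED_DOMAINS):
    """Return (text, href, reasons) for every http(s) link that deserves a look.
    Non-web links (mailto:, relative paths) are ignored."""
    findings = []
    for text, href in extract_links(html):
        url = urlparse(href.strip())
        if url.scheme not in ("http", "https") or not url.hostname:
            continue
        reasons = []
        if not host_is_trusted(url.hostname, trusted):
            reasons.append(f"host {url.hostname} is not under "
                           f"{', '.join(sorted(trusted))}")
        if url.path.startswith(SUSPICIOUS_PATH_PREFIX) and url.path.endswith(".php"):
            reasons.append("path matches the campaign's /system/logs/*.php pattern")
        if reasons:
            findings.append((text, href, reasons))
    return findings


# Constructed sample lure; not a real message from the campaign.
SAMPLE = """<html><body>
<p>Australian Federal Police - Traffic Infringement Notice</p>
<p>To view the details of your infringement,
<a href="http://lure.example/system/logs/view.php">see your traffic infringement</a>.</p>
<p>Questions? Visit <a href="http://www.afp.gov.au/">www.afp.gov.au</a> or
<a href="https://afp.gov.au.lure.example/pay">pay the fine now</a>.</p>
</body></html>"""

if __name__ == "__main__":
    for text, href, reasons in flag_links(SAMPLE):
        print(f"'{text}' -> {href}")
        for r in reasons:
            print("   -", r)
```

Run against the sample, the genuine www.afp.gov.au link passes while the lure link and the look-alike afp.gov.au.lure.example host are both reported; the lure link also trips the path check.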
Once the recipient clicks the link to view the traffic infringement, they are taken to a webpage which resembles the legitimate AFP website. The recipient is then asked to enter a CAPTCHA in order to view the infringement, a step that also makes it harder for automated URL scanners to reach the payload.
Once the CAPTCHA is entered, the recipient is presented with a .zip file to download, purportedly containing the infringement notice.
While it is fortunate that this is not a genuine infringement notice, anyone who downloads this .zip file and opens its contents will infect their computer, and possibly their network, with malware. The malware in this case is Cryptolocker, a ransomware Trojan. It encrypts the victim's files, including files on any mapped network drives it can reach, and demands a ransom in exchange for the key needed to decrypt them.
The AFP has made it very clear that they never send out traffic infringement notices via email, so if you happen to receive this email don't attempt to make a payment or provide your personal details.
The AFP has also advised that if you have received this type of email or receive one in the future, you should report it to the Australian Cybercrime Online Reporting Network (ACORN), and delete it from your inbox.
While these types of emails have been occurring quite frequently, there are a few simple things you need to remember so that you don't become a hapless victim.
Generally, banks and government organisations will not send you emails asking for payments or personal information. If in doubt, contact them directly, using a phone number or website address from an official source rather than any contact details given in the email.
Don't click on links contained within emails as these can direct you to fraudulent websites. Play it safe and type the company website directly into your web browser.
Don't download or open .exe or .zip files unless you are absolutely sure of their legitimacy; these are among the most common carriers of malware. Your business can help protect itself by restricting staff so they cannot download .zip files or run .exe files without permission from the Network Administrator, for example by blocking these file types at the email and web gateway and by allowing only approved programs to run on staff computers.
It is also crucial to back up your business data every day, and to keep at least one copy offline or otherwise disconnected from the network. Cryptolocker encrypts files on any drive it can write to, so a backup that sits on a permanently connected share can be encrypted along with the originals. A disconnected backup is your safety net should your data ever be held to ransom through malware such as Cryptolocker.
User education and sharing these tips will help mitigate the risk to your business. Another measure is to layer email filtering and web filtering on top of your standard desktop AV. Cloud filtering services that are updated in real time can react to, and block, these fastbreak email scams faster than signature updates reach the desktop.
To educate your staff on how to identify spam, malware and more, feel free to share this helpful blog: Don’t Click That! Your Guide To Cyber-attacks And Tips For Being Cyber Safe Within Your Business.
MailGuard is at the forefront of finding and successfully blocking these types of fastbreak email scams containing malware or links to download malware, as reported by the Australian Reseller News (ARN):
MailGuard Discovers Zero-Day Cryptor Variant Vulnerability
New Cryptolocker Variant Discovered Targeting Australians
Keep up to date on the very latest industry news
Follow MailGuard's blog, where you can register to receive weekly email updates, or follow us on social media.