Phishing campaign targets city employees with e-mailed speeding tickets, similar to a nationwide campaign last year.
One thing worse than getting a traffic ticket in the mail would be getting a traffic ticket that’s actually a phishing scam trying to download malware onto your computer.
Government employees in Seattle recently received e-mails purporting to be from the city’s Department of Motor Vehicles, telling them they had been clocked driving over the speed limit and instructing them to click a link to fill out a form, according to an alert from the Seattle police.
The link takes them to one of several recently registered domains overseas. Microsoft’s Malware Protection Center, which is investigating the scam with the Seattle PD, wrote in a blog post that one of the links went to a domain in Ukraine registered on Jan. 16.
One tip-off that the e-mail isn’t from the Seattle DMV is that the date of offense on the ticket is listed in the European style, with the day of the month first, followed by the month and year, such as 20/12/2011. Another tip-off is that Seattle, like every other municipality, doesn’t send tickets via e-mail. They still rely on the Postal Service for that. (In many places you can pay tickets online, but you still won't receive them electronically.)
All of the domains to which Microsoft has traced the phishing campaign are newly registered, “so this is a new spam campaign,” Microsoft said.
Recipients were told an attached .zip file in the e-mail was a copy of their ticket, which they were to fill out and send to a town court. The attachment contained malicious software that would install itself on the recipient’s computer if they opened it.
The social engineering trick used in these campaigns -- posing as an authoritative organization such as a human resources department, credit bureau, tax department or some other government entity -- is one of the most common phishing tactics.
Microsoft said the best ways to avoid getting hooked by phishing scams are to keep security software updated and learn to recognize phishing tactics.