Phishing’s Latest Attack Message: Traffic Tickets
Phishing campaigns, unfortunately, have grown in prominence. There have been many successful attacks over the years. In order to continue to be successful, as measured by the number of compromised systems and revenue generated, the attackers are looking for new topics for the phishing campaigns.
The prior, tired themes no longer work with an acceptable success rate. These have historically consisted of birthday pictures, pet pictures, lottery winnings, etc. Nearly all people are familiar with these ploys. Another rather blatant attack involves an estate attorney from the Netherlands finding your long-lost uncle, who happened to be a multi-millionaire, has passed, and you are his only heir.
The attackers have reviewed this and have been utilizing new themes, with great success. One of the recent popular scams, which as of late was very successful but has plateaued, is the email from the CEO/CFO to the Accounting and/or Finance Office directing the recipient to issue a check by 11am to a bank outside of the US for a supplier, in order to use a discount. The latest attack, which has gained regional prominence in New York over the last 18 months, involves traffic tickets.
Pivot to Traffic Tickets
The New York State Department of Motor Vehicles began warning consumers of a new phishing attack directed at the drivers in the state (Sjouwerman, 2017). The drivers in New York are receiving emails stating the person has to pay a fine within 48 hours. If the fine were not to be paid, the person’s driver’s license would be revoked. Curiously, if the attack is successful overall for the phishers, this attack may gain further favor and be used in other states.
The email has a link for the consumer to click on in order to make the payment. Obviously, this was not a payment link to the DMV. Clicking it does, however, infect the user’s system. The malware was coded in two types. The first tracked which websites were being visited. This is common, yet annoying. The second, more in-depth type scours the person’s system for PII, including but not limited to the person’s social security number, date of birth, and credit card information.
With phishing campaigns, there are generally several areas to look at within the email that are clear indicators of a phishing email with malicious intent. That was also the case here. With a bit of review, the user/recipient should be able to understand this was a phishing endeavor.
First, the link provided in the email did not lead to a “.gov” website. If this was truly from the New York DMV, the “.gov” domain would have been present, and seen either in the link as listed or when the mouse rolls over the link name. The DMV, much like most other governmental units, does not send emails demanding money. The notices for the fines are sent through the USPS.
In retrospect, this is yet another attack from the phishing community. These phishing attacks certainly are not going to slow or stop. The attackers will only continue to pivot on points that work well for them, generating revenue and compromising systems. The phishing emails will continue, however, to contain incorrect grammar, spelling, incorrect domains, etc.
Sjouwerman, S. (2017, June 5). Scam of the week: DMV warns drivers about traffic ticket phishing. Cyberheist News, 7(23). Retrieved from https://blog.knowbe4.com/cyberheistnews-vol-7-23-vladimir-putin-approves-of-patriotic-russian-hackers
About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.