What Traffic Ticket Phishing looks like.
Although this happened in New York, this phishing attack could very easily happen in any state. Online reporter Doug Olenick at SC Media revealed a press release from the NY State Department of Motor Vehicles warning about a phishing scam. The phishing scam targets New York drivers and states they have 48 hours to pay a fine or have their driver’s license revoked. This may happen in your state too. Heads-up.
The NY DMV alerted motorists that the scam is just bait to entice them to click on a “payment” link that infects their workstation with malware. The DMV does not know how many people have been affected. Owen McShane, director of investigations at New York State DMV, said calls came in from New York City, Albany and Syracuse.
How it worked.
The malware came in two categories. The first simply placed a tracking tool on the victim’s computer to see what websites they visited. The second attempted to acquire a variety of personally identifiable information. This includes names, Social Security numbers, date of birth and credit card information.
Several social engineering red flags show the email is a scam. Links lead to sites without an ny.gov URL. Here is what the phishing email looks like:
The Department of Motor Vehicles does not send emails urging motorists to pay traffic tickets within 48 hours or lose their license.
This scam is similar to one that hit the state about 18 months ago. The DMV is popular bait in phishing attacks. Most previous attacks only lasted for 24 to 48 hours, and this attack seems to have wrapped up too at this point.
Spread the word.
I suggest you send employees, friends and family an email about this Scam of the Week. You’re welcome to copy/paste/edit.
“Watch for fake emails that look like they come from your local police or State Dept of Motor Vehicles (DMV) claiming you have a traffic violation. There is a local scam in New York that falsely states you have outstanding violations you need to either pay for or refute. If you don’t, you lose your license.
This scam may spread to the rest of America soon. Remember that citations are never emailed with links in them, or sent out with an email attachment. Report scams like this to your local police department.”
Obviously, an end-user who was trained to spot social engineering red flags like this would have thought before they clicked.
A free job aid.
Here is a free job-aid for all your employees. It’s a PDF you can print which they can pin on their wall:
Inspired by our friends at KnowBe4.