Fake speeding fines install ransomware on PCs
Fake emails are being sent out that purport to be from the NSW Office of State Revenue. The emails tell the recipient that they have been caught exceeding a speed limit. These emails are bogus and should be deleted. There have been instances of these types of emails being circulated prior to this week; they tend to change over time, in an attempt to further fool recipients.
Figure A shows the email. This email is quite convincing, with a NSW government logo, and the Office of State Revenue (OSR) heading. The subject line will be “Penalty report code – “with an 11 digit number after the hyphen.
There are two links in this email; one for the button called “Invoice” and the other for the button called “View Camera Images”. The links in each case are slightly different, but they perform the same function: facilitating the download of the CryptoLocker ransomware to the victim’s PC.
OSR state on their website that they do “not issue penalty notices or penalty reminder notices by email”.
The email does not address the recipient by name, and contains no details such as a licence plate number or the location of the alleged camera offence. Mousing over the links shows them to be false. The email attempts to pressure the recipient into clicking on a button by warning of dire consequences if they have an overdue fine.
CryptoLocker is still very prevalent in Australia. As noted in previous news items, it will scan local drives and network drive to which the computer has access, looking for any file with Microsoft file extensions. It then encrypts these files. In some cases, picture files have also been encrypted.
If a user attempts to open an encrypted file, CryptoLocker sends a notice on screen to the user, informing them that their files have been encrypted, but that they can unlock them by paying a ransom. The ransom amount has varied; usually it is around 300USD. Some versions also allow payment via Bitcoin.
If you receive such an email, delete it. Do not click on the links.