Fake Traffic Infringement Notice
Over the last two days we have observed phishing emails claiming to be from the Australian Federal Police (AFP). These emails tell the recipient they have a traffic infringement notice. The infringement in all cases is negligent driving. The emails are a fake. They have a nasty payload if you click on the link. Ransomware is installed on your PC. The AFP has a Media Release; AFP warns public of email Traffic Infringement scam on this scam. Be aware that we are still stopping emails of this type.
We have posted the email in question as Figure A. The subject of the email is “Traffic Infringement Notice”. The sender of the email is “Australian Federal Police”. The actual email domain is not the AFP email domain. The domains observed do use afp in the domain name string. There are three links in the email. These links point to the same malicious site. There is a copy of the genuine AFP logo in the top left hand corner. The email looks convincing.
The purpose of the email is to alert the recipient to a traffic infringement. The email specifies that the infringement occurred on 11/4/2011. This date does not vary between emails. The infringement notice number (18293019380) does not vary between emails. The due date for payment is 10/5/2011. These dates are 4 years in the past. This may be a deliberate trick by the criminals. Someone may wonder why the fine has taken so long, and click on the link out of curiosity. Or they may click on the link for further information.
Clicking on the link sends you to a site that serves a .pdf file. What it does contain is ransomware. Once installed, the ransomware will encrypt files on your PC and demand a ransom. At this stage it appears that the ransomware is a variant of the well-known CryptoLocker malware.
As the AFP advises, don’t click on the links. Delete this email immediately if you receive it.