"A local corporation contacted the police department advising that an employee had received an email indicating that he/she was speeding on local roads and needed to remit funds (in the form a fine) to '[email protected]' which provided a link and attachments for sending the funds," the police department writes.The scam email sent to the employee included the individual's name as well as their correct speed, time, and location, which has raised the Tredyffrin Police Department's suspicions that a "free mobility or traffic app" containing drivers' information might have been hacked. You can view a template for this spam campaign's fake emails below:
"Many consumers will readily dismiss the possibility that someone would care about their location data, but this is a prime example of how this seemingly low value data can play into a larger attack," said Craig Young, a cybersecurity researcher for Tripwire. "While a fake speeding ticket email might ordinarily be recognized as fake and ignored, including a person’s name along with a road they regularly drive immediately gives authenticity to the scam making it far more likely that the attack will succeed. Social engineering is one of the most fundamental tools in the hacking toolkit and every hacker knows that realism is key in these efforts."As it investigates this ongoing campaign, Tredyffrin Police Department would like to remind users that it never sends out citations in the form of an email or an email attachment. It is also careful to point out that those who come across this scam should not open the email attachment, as attackers commonly disguise ransomware, spyware, and other malicious programs as seemingly legitimate email attachments and disseminate them via phishing attacks. Softpedia reports that no malware is believed to have been distributed by this scam at this time.