Drivers targeted by GPS-based Phishing scam

Police in Tredyffrin, Pennsylvania are warning drivers about a new scam that uses accurate GPS information. The messages being sent to drivers claim to be speeding tickets, and to lend legitimacy to the scam, they contain accurate personal information as well as location data.

The emails contain an attachment, but it isn't clear if the attachment itself is malicious. To be on the safe side, drivers are warned to avoid opening the attachment, because if it is malicious it could infect the system.

The email contains the victim's first and last name, and it's addressed to an email address they're familiar with. In addition to accurate personal details, the email also contains valid GPS information (including roads traveled and speed).

An example of the email was provided by the law enforcement agency:

From: Speeding Citation <Citation [at] safe-browsing [dot]com>
Date: 03/11/2016 03:08 PM
Subject: [External] Notification of excess speed
First Name: [REDACTED]
Last Name: [REDACTED]
Notification of excess speed
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.

The Tredyffrin police department raised the alert last week, and promptly notified other local police departments and the district courts.

The source of the GPS data isn't known, but given the level of accuracy in the information provided, Tredyffrin police have placed the blame on some type of traffic or mobility application.

It's possible the application isn't malicious itself, but the information collected is being used for malicious purposes. This means the application could come from a third-party source, or directly from Google Play or iTunes.

Another possibility is that the information is being recorded in a database that has been left available to the public online (e.g. a poorly configured MongoDB instance) and criminals are abusing the stored data.

Either way, the Tredyffrin police department reminds drivers that citations such as this wouldn't be delivered by their agency. Drivers who receive such a notification should ignore it.

At this time, it isn't clear if drivers outside of Tredyffrin, Pennsylvania have received similar notifications.

"Many consumers will readily dismiss the possibility that someone would care about their location data, but this is a prime example of how this seemingly low value data can play into a larger attack," said Craig Young, a cybersecurity researcher for Tripwire.

"While a fake speeding ticket email might ordinarily be recognized as fake and ignored, including a person’s name along with a road they regularly drive immediately gives authenticity to the scam making it far more likely that the attack will succeed. Social engineering is one of the most fundamental tools in the hacking toolkit and every hacker knows that realism is key in these efforts."
