Expert insight on Malware Scam Using Fake Speeding Ticket Email but Accurate Speed Data

In Tredyffrin, Pennsylvania near Philadelphia, a new malware scam is underway where some residents are receiving fake email speeding tickets, but which contain accurate speed data. Officials think users are being infected by an app with permission to track phone GPS data. The email itself asks users to click on a link and then downloads malware.

Craig Young, Cybersecurity Researcher for Tripwire told @DFMag;

“Many consumers will readily dismiss the possibility that someone would care about their location data but this is a prime example of how this seemingly low value data can play into a larger attack.   While a fake speeding ticket email might ordinarily be recognized as fake and ignored, including a person’s name along with a road they regularly drive immediately gives authenticity to the scam making it far more likely that the attack will succeed.  Social engineering is one of the most fundamental tools in the hacking toolkit and every hacker knows that realism is key in these efforts.

There are a variety of possibilities for how this attack is being orchestrated but the very localized nature of the attack could be an indicator of where the personal data is coming from.  One scenario which comes to mind is that the attacker is actually local to that area and is making use of malicious Wi-Fi networks to collect unencrypted data sent from victimized mobile phones.  Many apps are known to send location and other personal data to ad networks with an insecure connection but it is questionable whether someone could collect enough location data in this manner to produce fake speeding tickets.  Another possibility is that an app which is legitimately collecting location data may have been breached on the backend revealing a trove of personal data.  The attacker may have then decided to limit initial attacks to a small area while attempting to perfect the technique.  I would recommend that the local police look for common apps installed across residents who have been targeted by the scam.”