Rainspace Computing Inc.

Scam of the Week: DMV Warns Drivers About Traffic Ticket Phishing

Online reporter Doug Olenick at SC Media was the first to point to a press release from the NY State Department of Motor Vehicles warning about a phishing scam where New York drivers are being targeted, stating they have 48 hours to pay a fine or have their driver's license revoked. This may happen in your state as well, so this is your heads-up.

The NY DMV alerted motorists that the scam is just bait to entice them to click on a “payment” link that will in turn infect their workstation with malware. The DMV does not know how many people have been affected, but Owen McShane, director of investigations at New York State DMV, said calls came in from New York City, Albany and Syracuse.

Olenick was able to get a bit more detail: "The malware being dropped came in two categories. The first simply placed a tracking tool on the victim's computer to see what websites were visited; and the second, more nefarious, attempted to acquire a variety of personally identifiable information, such as names, Social Security numbers, date of birth and credit card information."

There are several social engineering red flags that show the email is a scam. The supplied links lead to sites without an ny.gov URL, tied to the fact that the state would never make such a request. Here is what the phishing email looks like:
https://blog.knowbe4.com/scam-of-the-week-dmv-warns-drivers-about-traffic-ticket-phishing

“The Department of Motor Vehicles does not send emails urging motorists to pay traffic tickets within 48 hours or lose your license,” said Terri Egan, DMV deputy executive commissioner, in a statement.

McShane noted that this scam is similar to one that hit the state about 18 months ago. The DMV, he said, is often used as bait in phishing attacks. Most previous attacks only lasted for 24 to 48 hours and this attack seems to have wrapped up too at this point, he added. This means that the bad guys may have moved on to other states with this attack, so...

Scam Of The Week: DMV Warns Drivers About Traffic Ticket Phishing Scam Of The Week: DMV Warns Drivers About Traffic Ticket Phishing

Be careful out there folks, there is a new zero day exploit that targets Microsoft Word. Hackers are embedding malware inside of Word docs that allow them to take over control of the machine the document is opened on.

Always make sure to have multiple forms of security on your computing devices and that your email provider is responsive to these types of threats. If you don't have either of those please reach out to us.

https://www.cyberscoop.com/microsoft-patch-zero-day-office-ole-vulnerability-mcafee-fireeye-responsible-disclosure/

Microsoft will patch zero day vuln revealed by McAfee, FireEye - CyberScoop McAfee chose to disclose the vulnerability four days before the Microsoft patch was due to be published, but won't say why.