Bogus Pay by Phone emails trick users into opening malicious attachment
We’ve often seen bogus traffic tickets being sent out via email in an attempt to spread malware or to lure users to malicious websites. However, it appears that some crooks consider parking tickets to be just as effective.Avast! experts have come across an email entitled “Pay by Phone Parking Receipt,” which purports to originate from Pay by Phone (firstname.lastname@example.org) – a UK company that offers cashless parking services.
While the email address and the name of the company may seem legitimate, they’re not. The emails are an attempt to get recipients to open the attached file, which hides a piece of malware detected by Avast! products as Win32:Injector-AVW.
The cybercriminals are probably relying on the fact that although the recipients haven’t been to St. Barnabas Street in Westminster, they might rush to open the attachment after seeing that they have to pay 33.30 (the currency is not specified) for one hour of parking.
Judging by the fact that this particular email was detected in the Czech Republic, it may mean that the campaign is designed to target users from various countries, not just the UK. This is why we advise all internauts to be careful, especially if they’re actual customers of Pay by Phone.