Australian Federal Police warns of bogus traffic infringement notices delivering malware
Alert Priority: High
30 April 2015
Scammers are circulating fake traffic infringement notices by email to trick people into infecting their computers with malware that ‘locks’ their files until they pay a ransom.
The email purports to come from the Australian Federal Police and asks the recipient to pay a fine of $150 for a traffic infringement. The email includes a link to what claims to be the infringement notice issued to the recipient. However, clicking on the link actually sends the recipient to a web page that asks him or her to download the ‘notice’. This so-called notice is actually a file infected with ransomware designed to encrypt files on the recipient’s computer. The user is then asked to pay the scammers hundreds of dollars to receive a key to decrypt the files.
Screenshots of the fake email and web page are shown below:
Recipients may mistake the scam email and the web page for authentic ones. Do not click on links or open attachments in any message unless you are completely confident about its content.
You can always navigate to the original website or phone the source yourself—independently of links or information in the message—and cross check its information.
The Australian Federal Police is advising people to delete the email immediately.
There are many different versions of ransomware circulating and it can be difficult to identify which type you have encountered.
The most serious types of ransomware encrypt files on your computer or network using high-quality encryption. The only way to recover your files is by succumbing to blackmail and paying the ransom for a key to unlock your information. However, this may not necessarily guarantee the recovery of your data. You may forfeit your money, and still not recover your files.
As recovery of your system without the key is virtually impossible, the best solution can often be to restore your files from a clean backup, if you have one available.
Prevention is the best approach for any malware, and particularly this kind of ransomware.
There are also some less sophisticated types of ransomware that simply block access to your computer or pretend to lock your files. With careful action you can remove this ransomware and regain access to your files without paying a ransom.
If you suspect your computer or network is infected by ransomware, you should seek technical advice immediately. Time is critical.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.