Powered by Movable Type 3.121
Home The Book Training Events Tools Stats
Web log archive.
A Dispatch

« More "Open The Attachment" Tricks | Main | Back to Spam »

August 17, 2011

Yet Another Attachment Trick - Uniform Traffic Ticket

Maybe this will turn into a "One Trick Per Day" series after yesterday's malware attachment con. Today I'm in trouble for a speeding ticket in New York (uh huh):

Phony speeding ticket message

I'm sure that many recipients of this message are incensed at being accused of a traffic violation, most likely in a place they haven't been in some time. This will, um, drive them to open the attachment, rather than examine the message for the various errors. The two most egregious are:

  • The forged header's date is one day before the alleged offense. Now that's one helluva radar gun. It's clairvoyant.
  • They fail to supply the city and ZIP code in the mailing address. Moreover, they're probably referring to Chatham, not Chatam.

My email client failed to show the attachment as a clickable entity. Perhaps there is an error in the multi-part coding. But from the message's source code, I see that the attachment in the copy I received is named Ticket-064-211.zip.

As the crook assembled the forged header, he did go to the trouble of making it appear as though the message originated in an IP address block owned by a New York government agency (although for New York City). Of course, I doubt any New York agency would use an email server in the middle of Russia.

So, it's just more of the same with, I'm sure, more yet to come.

Posted on August 17, 2011 at 08:56 AM