Malware : E-ZPass Unpaid Toll Email Links to Malware Website
OutlineEmail purporting to be from US toll collection system E-ZPass claims that the recipient has not paid for driving on a toll road and should click a link to download an invoice.
Pin to share (Pic will Pin larger)
Brief AnalysisThe email is not from E-ZPass. It is a criminal ruse designed to trick you into downloading malware to your computer. If you receive this message, do not click any links or open any attachments that it contains.
Scroll down to read a detailed analysis with references.
From: Collection Agency
Subject: Pay for driving on toll road
E-ZPass Service Center
You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.
The invoice can be downloaded here.
'E-ZPass' Email Claims Recipient Has Unpaid Toll
The email, which includes the E-ZPass logo, claims that the invoice has already been sent to you repeatedly and warns that you should service your debt 'in the shortest possible time'.
Email is Not From E-ZPass - Links to Malware
In fact, clicking the link will take you to a website that harbours a version of the Asprox/Kuluoz malware hidden inside a fake invoice .zip file. Once installed, the malware attempts to download further malware and allows criminals to maintain control of the infected computer.
Subject lines and other details in the malware emails may vary.
New York State Thruway has published a notice on its website warning users about the bogus E-ZPass emails.
If you receive one of these emails, do not click any links or open any attachments that it contains.
Last updated: July 11, 2014
First published: July 11, 2014
By Brett M. Christensen