MALWARE - 'Traffic Accident With Your Car' Email
OutlineEmail claims that the recipient 'hurt' the sender's car in a traffic accident and urges him or her to view photos of the accident by opening an attached file.
© Depositphotos.com/ payphoto
Brief AnalysisThe claims in the email are untrue and the attachment does not contain photographs of a traffic accident. Instead, the attachment harbours malware. If you receive one of these emails, do not open any attachments or click any links that it contains.
Scroll down to read a detailed analysis with references.
You hurt my car on the road. Look at these photos in the attached archive and contact me as soon as possible.
Otherwise you'll get legal action.
Attached file: IMG_0612.zip
This email, which purports to be from a disgruntled car owner, claims that the recipient 'hurt' the sender's car in a traffic accident. The sender urges the recipient to open an attached archive to view photographs of the accident. The email threatens legal action if the recipient does not contact the sender.
However, the message is not from a person who had a car damaged in a traffic accident as claimed. And, the attachment does not contain photographs of any accident. Instead, the attachment hides a file that, if opened, can install malware on the victim's computer.
The message attempts to panic or anger people so that they will open the attachment without due care. At least a few recipients, knowing that they have not been involved in an accident as claimed, may open the attached .zip file and then clicked the enclosed .scr file executable in the hope of seeing the supposed accident photographs.
Once run, the file can install software that can record keystrokes on the compromised computer and perform other malicious actions. Sensitive personal information harvested from the infected computer may be relayed to criminals.
Criminals use many tactics designed to trick people into opening an attached file or clicking a link. In another traffic-related ruse, criminals sent out bogus traffic ticket notifications that contained malware in an attached file.
If you receive one of these fake traffic accident report emails, do not open any attachments or click any links that it contains.
Last updated: March 31, 2014
First published: March 31, 2014
Written by Brett M. Christensen