July 2014: Phishing Scams Target E-ZPass
Users of the toll collection company E-ZPass are being warned of a new phishing scam that is being sent masquerading as a delinquent payment notification. The company states that, even if users have a payment due, invoices are only sent directly to home addresses via the United States Postal Service. These emails appear to be using E-ZPass's brand colors but are poorly worded and ask users to download an infected file.
One such email reads:
You have not paid for driving on a toll road. This invoice is sent repeatedly, please service your debt in the shortest possible time.
The invoice can be downloaded here."
Security professionals have determined that the malware that is installed is primarily being used for advertising click-fraud, but that the program could also be used to steal other sensitive information such as passwords and financial data. The contact information used as a source for these emails is seemingly random, as not all targets are E-ZPass customers. Always remember to verify suspicious email with the sender, and never open attachments from unsolicited email.