Malware Phishing Alert: Fake “Payment Confirmation” Email Spam
Fake Payment Confirmation email messages
Have you received suspicious email messages with the subject Payment Confirmation? If so, you may fall victim to a common phishing email scam in which the sender claims to be from a government department such as the Florida Department of Highway Safety (via DoNotReply@flhsmv.gov) or Maricopa Country Sheriffs Office of Arizona if you click any links or download any files supplied in the Payment Confirmation email message.
The fake Payment Confirmation emails often claim to contain information concerning the recipient’s Drivers License Renewal and Regular Registration Renewal Please note, the information provided in the email is fake.
Fake Payment Confirmation Email Example:
The content below is an example of the fake Payment Confirmation email:
*** This is an automated email. Please do not reply *** Thank you for your payment of $109.79 to the Florida Department of Highway Safety and Motor Vehicles. You should receive your paid items within seven to ten days of the purchase date. If you have any questions regarding your payment, please contact us at: http://www.flhsmv.gov/html/contact.html You may provide the following information to Customer Service in the event you need to contact DHSMV regarding this payment. Your Confirmation ID: 57084174 Your DHSMV Tracking ID: 18452071 Your Shopping Cart Details: Item Number Transaction Details Cost --------------------- --------------------------------------------------- ------- 11939438 RENEWAL DRIVER LICENSE $40.00 41141295 REGULAR REGISTRATION RENEWAL 442HKU $57.47 Thank you for using the Florida Department of Highway Safety and Motor Vehicles online services!.
The Florida Department of Highway Safety and Motor Vehicles (FLHMSMG.GOV) reponse to the fraudulent email:
FOR IMMEDIATE RELEASE CONTACT: COURTNEY HEIDELBERG FEB. 7, 2013 (850) 617-3102 FRAUDSTERS USE AGENCY’S NAME AND EMAIL ADDRESS FOR PHISHING EXPEDITION ~ Highway safety agency warns of email spam ~ TALLAHASSEE, Fla. – The Florida Department of Highway Safety and Motor Vehicles warns the public to be aware of an email spam that surfaced this morning. Fraudsters are using the Department’s name and email address, DoNotReply@flhsmv.gov, to send emails that appear to be from DHSMV. The emails look like receipts from online transactions with the Department and include confirmation and tracking numbers. The numbers are not DHSMV tracking numbers, and the email addresses of the recipients did not come from DHSMV’s database. An indicator that the email is fraudulent is that it comes from two senders: DoNotReply@flhsmv.gov and another address that varies and may look like a personal email address. All Department email addresses contain @flhsmv.gov as the domain, and DHSMV does not send transactional receipts from personal email addresses. If you receive one of these emails and did not make a recent transaction, we recommend that you delete the message. If you have already opened the message, do not click any of the links within it. The emails are not from DHSMV, and the links embedded within take recipients to non-DHSMV websites that may contain malware. DHSMV wants the public to understand our system has not been hacked, and we have numerous measures in place to protect customers’ information. Rather, this is a type of spam where an email is made to look like it is from a trusted source and aims to trick the recipient into following a link that will lead to a website with malware. The name for this type of spam is “phishing.” DHSMV makes information security a top priority, and we aim to provide consumers with information they can use to protect themselves from scammers by sharing this information with the public. The Department offers the following recommendations for all computer users: • Update anti-virus software daily. • Update systems and programs (such as Adobe, Java, browsers and operating systems). • Be extremely wary of unexpected emails that contain links or attachments. Do not click on the links or open the attachments. • Users who click on such links should check their systems for abnormal activity. • Concerned users should change all passwords using a clean computer, especially passwords for financial institutions (both personal and corporate banking accounts). The Florida Department of Highway Safety and Motor Vehicles provides highway safety and security through excellence in service, education and enforcement. The Department is leading the way to a safer Florida through the efficient and professional execution of its core mission: the issuance of driver licenses, vehicle tags and titles and operation of the Florida Highway Patrol. To learn more about DHSMV and the services offered, visit www.flhsmv.gov, follow us on Twitter at @FDHSMV or find us on Facebook.
Do not click links, download files in fake Payment Confirmation email
Cyber criminals behind the fake Payment Confirmation email utilize malicious black hat tactics including email phishing, in which the attackers send fraudulent email messages to their victims in attempt to persuade them to click malicious links or download malicious files in order to infect a computer system with malware, such as spyware and Trojans that are used to collect sensitive information, including credit card numbers and identification information, and minuscule data such as browser activity and browser history (in order to accommodate a potentially undetected adware campaign).
If you have received an email with the subject Payment Confirmation, claiming to be from a government department containing information about Driver License Renewal, ignore it. Clicking links provided in the fake Payment Confirmation email’s content will likely install malware to the used computer system.
Detect and remove associated malware
If you accidentally clicked a link in the Payment Confirmation email your computer may be infected with malware. It is recommended to scan for malware and remove any malware if located using reputable software.
2. Update Malwarebytes Anti-Malware.
3. Perform full scan. Malwarebytes will automatically detect and remove malware if located.