Malware Phishing Alert: Fake “Payment Confirmation” Email Spam

Fake Payment Confirmation email messages

Have you received suspicious email messages with the subject Payment Confirmation? If so, you may fall victim to a common phishing email scam in which the sender claims to be from a government department such as the Florida Department of Highway Safety (via DoNotReply@flhsmv.gov) or Maricopa Country Sheriffs Office of Arizona if you click any links or download any files supplied in the Payment Confirmation email message.

Payment Confirmation Spam Email

The fake Payment Confirmation emails often claim to contain information concerning the recipient’s Drivers License Renewal and Regular Registration Renewal  Please note, the information provided in the email is fake.

Fake Payment Confirmation Email Example:

The content below is an example of the fake Payment Confirmation email:

*** This is an automated email. Please do not reply ***

Thank you for your payment of $109.79 to the Florida Department of Highway Safety and Motor Vehicles. You should receive your paid items within seven to ten days of the purchase date.

If you have any questions regarding your payment, please contact us at: http://www.flhsmv.gov/html/contact.html

You may provide the following information to Customer Service in the event you need to contact DHSMV regarding this payment.

Your Confirmation ID: 57084174

Your DHSMV Tracking ID: 18452071

Your Shopping Cart Details:

Item Number Transaction Details Cost
--------------------- --------------------------------------------------- -------
11939438 RENEWAL DRIVER LICENSE $40.00
41141295 REGULAR REGISTRATION RENEWAL 442HKU $57.47
Thank you for using the Florida Department of Highway Safety and Motor Vehicles online services!.

FLHMSMG.GOV Release:

The Florida Department of Highway Safety and Motor Vehicles (FLHMSMG.GOV) reponse to the fraudulent email:

FOR IMMEDIATE RELEASE CONTACT: COURTNEY HEIDELBERG
FEB. 7, 2013 (850) 617-3102
FRAUDSTERS USE AGENCY’S NAME AND EMAIL ADDRESS
FOR PHISHING EXPEDITION
~ Highway safety agency warns of email spam ~
TALLAHASSEE, Fla. – The Florida Department of Highway Safety and Motor Vehicles warns the public to be aware of
an email spam that surfaced this morning. Fraudsters are using the Department’s name and email address,
DoNotReply@flhsmv.gov, to send emails that appear to be from DHSMV. The emails look like receipts from online
transactions with the Department and include confirmation and tracking numbers. The numbers are not DHSMV tracking
numbers, and the email addresses of the recipients did not come from DHSMV’s database.
An indicator that the email is fraudulent is that it comes from two senders: DoNotReply@flhsmv.gov and another address
that varies and may look like a personal email address. All Department email addresses contain @flhsmv.gov as the
domain, and DHSMV does not send transactional receipts from personal email addresses.
If you receive one of these emails and did not make a recent transaction, we recommend that you delete the message. If
you have already opened the message, do not click any of the links within it. The emails are not from DHSMV, and the
links embedded within take recipients to non-DHSMV websites that may contain malware.
DHSMV wants the public to understand our system has not been hacked, and we have numerous measures in place to
protect customers’ information. Rather, this is a type of spam where an email is made to look like it is from a trusted
source and aims to trick the recipient into following a link that will lead to a website with malware. The name for this type
of spam is “phishing.”
DHSMV makes information security a top priority, and we aim to provide consumers with information they can use to
protect themselves from scammers by sharing this information with the public.
The Department offers the following recommendations for all computer users:
• Update anti-virus software daily.
• Update systems and programs (such as Adobe, Java, browsers and operating systems).
• Be extremely wary of unexpected emails that contain links or attachments. Do not click on the links or open the
attachments.
• Users who click on such links should check their systems for abnormal activity.
• Concerned users should change all passwords using a clean computer, especially passwords for financial
institutions (both personal and corporate banking accounts).
The Florida Department of Highway Safety and Motor Vehicles provides highway safety and security through excellence
in service, education and enforcement. The Department is leading the way to a safer Florida through the efficient and
professional execution of its core mission: the issuance of driver licenses, vehicle tags and titles and operation of the
Florida Highway Patrol. To learn more about DHSMV and the services offered, visit www.flhsmv.gov, follow us on
Twitter at @FDHSMV or find us on Facebook.

Do not click links, download files in fake Payment Confirmation email

Cyber criminals behind the fake Payment Confirmation email utilize malicious black hat tactics including email phishing, in which the attackers send fraudulent email messages to their victims in attempt to persuade them to click malicious links or download malicious files in order to infect a computer system with malware, such as spyware and Trojans that are used to collect sensitive information, including credit card numbers and identification information, and minuscule data such as browser activity and browser history (in order to accommodate a potentially undetected adware campaign).

Fake Payment Confirmation Email Spam

If you have received an email with the subject Payment Confirmation, claiming to be from a government department containing information about Driver License Renewal, ignore it. Clicking links provided in the fake Payment Confirmation email’s content will likely install malware to the used computer system.

Detect and remove associated malware

If you accidentally clicked a link in the Payment Confirmation email your computer may be infected with malware. It is recommended to scan for malware and remove any malware if located using reputable software.

1. Install Malwarebytes Anti-Malware.

2. Update Malwarebytes Anti-Malware.

3. Perform full scan. Malwarebytes will automatically detect and remove malware if located.

Malwarebytes Perform Full Scan


Sean Doyle

http://Botcrawl.com

Sean Doyle is an engineer from Los Angeles, California. Sean's primary focuses include Internet Security, Web Spam, and Online Marketing.

Comment ( 1 )

  1. ReplyAnonymous
    this e-mail go all around world. 11.02.2012 we found this e-mail in Latvia. They are fishing sensitive data:((((