Threat Research

Just in case... before you pay (!)

Jan Širmer, 7 November 2012

Just in case... before you pay (!)

The phishing scam creators are really getting creative. Of course one could question their targeting such in this case. Czech republic is known for our quite lenient view of laws and rules and – especially – the need to pay (or the lack of there off) of any fines especially when imposed by so called municipal police. Who would bother... Hence, an email urging to pay a fine is normally filed directly into the ‘round file’. Known as trash. Well in this case… there actually might be a good reason to look at this closely ;)


The email declares to be a notification about an unpaid ticket for parking at St Barnabas Street in Westminster City. Damn. How did they know I was there?! Well I wasn’t. And of course this email is a scam like many others. This particular is being send from an email address which actually might look legitimate because is legitimate company in United Kingdom. Aside of the fact that I was not EVER in Westminster there are other signs to look for…

- For starters… Police – not even the Czech – would issue an email like this.

- My car doesn’t have a license plate number 4JHC935

- And the price of 33.30 per hour is damn high. (well if you really pay that in UK I’m really sorry)

The subject of emails was the same in all cases "Pay by Phone Parking Receipt" and these email contains the same attachment. A file called but after unpacking the reader would find a file called Pay_by_Phone_Parking_Receipt.pdf.exe

Anyway. The file hash is…. 2E8F3A5FD6605821FBF071C1DA6B90CB18903A433CF44776432625A4A1E58727

And AVAST is detecting it as Win32:Injector-AVW


Stay safe. Look forward to the weekend.

PS: don’t avoid paying the parking fees in a real life. ;)