We all see plenty of email scams landing in our inbox, whether it’s the ex-finance minister of some third-world dictatorship asking us for help moving around vast sums of loot, or some phishing teenage hacker trying his best to look like Apple Customer Service. But this new speeding ticket scam hitting inboxes in the region really takes the cake.
The Tredyffrin Police Department in Chester County announced the speeding ticket scam this week, explaining that three local residents reported receiving emails notifying them of speeding infractions. Tredyffrin doesn’t have speed cameras, and the police say that they have nothing to do with these citation notices, but here’s the thing: The residents were, in fact, speeding at the locations cited in the citations.
Investigators shared a redacted version of one of the emails with Philadelphia magazine, and we mocked it up to show you what the speeding ticket scam looks like. The sender is the actual sender that appears on the bogus citation email.
From: Speeding Citation (email@example.com)
Subject: Notification of excess speed
First Name: Victor
Last Name: Fiorillo
Notification of excess speed
Route: Mill Road
Date: 8 March 2016
Time: 7:55 am
Speed Limit: 40
Detected Speed: 52
The Infraction Statement contains an image of your license plate and the citation which must be paid in 5 working days.
Again, police say that the people named in the emails were speeding at the location and time listed in the fake infraction notices.
How is this possible? Well, investigators suspect that a hacker has exploited a security flaw in some GPS-enabled smartphone app. If you know where your target is located and how long it takes them to get from Point A to Point B, then you can do a quick computation to determine how fast they were traveling.
Police say that it doesn’t look like this speeding ticket scam is actually an attempt to get you to fork over fines to some bogus entity. Instead, they say it appears that when the recipient clicks on the link at the bottom of the message — the one that mentions the image of the license plate — some form of malware is automatically downloaded to the person’s computer. The message does not contain the driver’s actual license plate number.
And in case you’re wondering, the drivers aren’t liable for any fines even though they were speeding, because Tredyffrin police don’t cite drivers for speeding unless a real, live cop catches them in the act, which we think is very sporting of them.
Follow @VictorFiorillo on Twitter.