Cunning malware scam targets drivers whose GPS data is leaking

[Read the post]


I was using public transit.
Go figure.


Some of us are aware that the police communicate with suspects with the US Mail, not email. We also have our email display set to ‘raw ASCII text’ to allow us to see the real domain name of the scammers.


Where can I buy a (new) car with NO computer.

1 Like

Yeah, but some of us are not aware that the Nigerian prince isn’t legit, and that’s all the 409 scammer needs.

Besides, that doesn’t make this less clever, just marginally less effective on a per capita basis. The next iteration of the scam–perhaps augmented by your constructive criticism–will do it through the mail. You can send a check or money order to [fake address], or you can just pay it like most people pay parking or moving violations these days, online. If the scammers are really smart they’ll tack on a $5 “convenience fee” for added verisimilitude.

At least in concept, I’d say this scam/hack deserves a fair amount of grudging respect.


This is about your phone leaking data, not your car.


I just want to know where they get the license plate pic. Is it merely a close-up shot of a random plate?
I assume so, as it doesn’t have to to be the right plate, just enough to get somebody to click, “That’s not my plate! Oh, fu…”

It’s only a matter of time, though…

I saw a lot of similar email scams in my inbox a year or two ago, but putting accurate information in there certainly steps up the game. It was always interesting to see “speeding tickets” and “lawsuits” for states and countries I’ve never been in. I was almost sad when I completely stopped getting them after a tweak to my mail server’s spam detection.


[Formula] 409 scammers are the cleanest. :wink:


They don’t send a photo of your license plate. They send you an e-mail saying “click here to view the photo of your license plate” and when you click, it downloads the malware payload instead.


This is particularly plausible because Philadelphia has red-light cams that issue automated citations. It’s easy to imagine auto-doppler coming next.


And people wonder why I always leave my location off on my phone. In addition to sucking up all my battery I already know where I am.


Oh, derp.

I’ll just be over here in the corner, rocking and humming…


In the Olde Days before e-mail scams, I got a letter from the New Orleans PD claiming I owed on a traffic infraction in that town. Oddly enough, I was in school several states away at the time, and was not using the car it claimed I was driving (my parents’). I sent a letter asking them how I could be in 2 places at once (with proof), but never heard back. Most peculiar; I still don’t know if it was a primitive phishing scam or a legit mistake.


That is not “some GPS-enabled app”. All that data comes from Waze, current speed is part of your waze profile and it is shared with other waze users and on waze live map. Waze also has speed limit data. Police should start using Waze live map to issue live tickets.

1 Like

GPS data just isn’t accurate enough for that, especially phone GPS. Too much spiking and drifting.

I used to be responsible for an algorithm that filtered out erroneous GPS data. We had roof mounted antennae and I think we got a pretty good accuracy rate, but it’s still never going to be perfect.

Not to mention the practical difficulties they would have in determining who to fine. Me? I was in the passenger seat giving directions.

I have a screenshot somewhere of my GPS telling me I was doing 549 mph on my 1962 lambretta


Not everybody clicks on malware either. But assuming that 100 people will pay $200 for each 10,000 automated tickets sent, you can build quite a budget.

Speed cameras have been around for thirty years. They’re expensive, extremely unpopular, and of dubious efficacy.

This topic was automatically closed after 5 days. New replies are no longer allowed.