Malware Scam Uses Phone GPS Data to Pose as Traffic Cops

Email-based scams often trick users into clicking a link by purporting to be from law enforcement agencies or police authorities. A new malware scam out of the small town of Tredyffrin, Pennsylvania takes the concept to the next level by using GPS data to create a greater sense of legitimacy.

According to a report from The Verge, the new scam works by tricking victims into thinking they owe fines for speeding citations. Unlike many email scams, though, this one doesn’t sell the charade by making the email look as official as possible, but by disclosing information that no one but police departments should have.

Specifically, the scam includes very accurate driving data for each victim, including date, time, street locations, speed limit, and actual driving speed. Essentially, you get one of these emails, assume you were flagged speeding by an automated police sensor, and click the link for an “infraction statement” that supposedly “contains an image of your license plate and the citation which must be paid in 5 working days.”

Of course, the link doesn’t actually lead to an infraction statement, nor is there an image of your license plate—or any license plate—included in this email. Instead, the link includes a piece of malware that then automatically downloads itself onto your computer.

The obvious question is how scammers are getting ahold of such accurate speeding data for Tredyffrin drivers? Did they hack a police scanner? Is the scam being run from inside a corrupt police station?

Apparently, the answer is none of the above. Rather, security experts think that the data is coming from victims’ cell phones. Apps, both legitimate and malicious, use GPS data for a variety of reasons—from providing driving directions to offering location-based recommendations of restaurants and entertainment. GPS technology, in turn, can be used to calculate a person’s approximate travel speed. The Verge article noted that no one is sure which app is delivering the speeding information for this scam, but that the sources “could either be a legitimate app that has been compromised, or a purpose-built malicious app.”

The Verge piece also noted that, right now, this particular scam is “hyper-local” for the time being. Drivers outside of Tredyffrin probably don’t have to worry about it. However, the idea behind the scam is a clever twist on a model that has proven successful in the past, which means that other cybercriminals will likely start creating copycat versions of it soon.