Parking tickets actually malware attacks in disguise

Thu Feb 5, 2009 12:02PM EST

See Comments (75)

The last place anyone would expect to face a computer security attack is on the windshield of their car in the form of a parking ticket.

But that's the latest -- and intensely clever -- way that hackers are attempting to goad people into visiting infected websites and willingly install malware on their machines.

The scam is instantly clever once you hear how it works: Hackers print up phony "PARKING VIOLATION" notices and plaster them on cars parked on the street. The phony ticket directs the car's owner to visit a certain website, and of course the website in question (which largely seems to comprise of photos of badly parked cars) is a hack site which attempts to install malware on your PC.

Essentially what we have here is a phishing attack that takes place in the real world instead of via email. The use of fliers on parked cars is what's truly ingenious: A similar attack sent via postal mail would probably have minimal effect, but people are incredibly protective of their cars, and I imagine these windshield fliers will actually have a pretty good percentage of people typing in the URLs typed on them.

The good news -- for now -- is that the fliers are extremely crude, printed on yellow paper and offering nothing in the way of legal language that would compel a sophisticated and naturally skeptical reader to even visit the website in question. Like the earliest email phishing attacks, this attack may be simplistic, but it's probably a precursor of more advanced attacks to come. When hackers scan in real parking tickets and reprint them, replacing the URL printed there with one for a sophisticated attack site, then the sparks are going to start flying. (Installing malware is boring by comparison... I expect the real attacks will involve collecting money and hijacking credit cards and bank accounts wholesale.)

This appears to be a very limited attack (reported only in Grand Forks, North Dakota) for the time being, but it's a good idea to keep your skepticism handy next time you receive a parking "violation," just in case.

Comments on Parking tickets actually malware attacks in disguise

Post a Comment

Join in the discussion. Here you'll see the comments in the order they were posted.

  • 46 Posted by bob_merrigan on Thu Sep 3, 2009 3:10PM EDT Report Abuse

    LADIES... please consider doing more geeks, as this will keep them busy, and out of this type of trouble.

  • 47 Posted by above90hz on Thu Sep 3, 2009 2:44PM EDT Report Abuse

    Hey thanks for giving all the wanna-be criminals across the country who had NOT thought of this the opportunity to learn a new way to steal from the public. Good reporting. Next time maybe you could write an article detailing exactly how cyber-criminals hack into people's bank accounts.

  • 48 Posted by chaycane on Thu Sep 3, 2009 3:22PM EDT Report Abuse

    String them up on the 6 o'clock news, tar and feather.

  • 49 Posted by jmonroe44 on Thu Sep 3, 2009 4:37PM EDT Report Abuse

    I say find them and take them out to the town square and in front of their families blow their brains out.

  • 50 Posted by dearhunner on Thu Sep 3, 2009 3:39PM EDT Report Abuse

    Im from Grand forks, ND. There was a couple people that fell to the trick. They were placed on vehicles on campus and close to campus. Didnt do much harm though. The word got out fast. Still looking for suspects

  • 51 Posted by waya77 on Thu Sep 3, 2009 10:41PM EDT Report Abuse

    Seems like hackers have finally slipped up and given us a way to track them down. All we need now is a police department willing to give it the effort. The police should keep in mind that this is an opportunity to get a foot into the door of this secretive underground world and actually make some progress into stopping what has caused so much misery for so many people. To do this they need to fingerprint and take DNA samples from these envelopes. Some may give instant match ups and others can be kept and compared to people as they are arrested or apply for jobs where finger printing is required. Sooner or later they will catch one or two and convince them to reveal the way into the belly of the beast. Part of the appeal of hacking is that it is difficult to be caught. Once that changes fewer people will take the risk.

  • 52 Posted by saiyajin435 on Thu Sep 3, 2009 9:00PM EDT Report Abuse

    And thank you Yahoo for publicizing the now localized scam so it can happen nationwide. This has been said before but giving national attention to a scam will only poularize it more. All the other hackers now have a great new idea thanks to publicity and thanks to idiots who don't know when a website is secure or legitimate. Thanks Yahoo!!! Making useless news useful.

  • 53 Posted by hockeybuster17 on Thu Sep 3, 2009 4:19PM EDT Report Abuse

    First off, this is not hacking. Hacking would be tracing credit cards as they are scanned through gas stations or atm's. Secondly, anyone who goes to a website without .gov extension in the domain to pay a parking ticket is an idiot.

  • 54 Posted by bedgett81 on Thu Sep 3, 2009 3:04PM EDT Report Abuse

    Way to tell every hacker about this scam yahoo! Now we will see it widespread.

  • 55 Posted by ryonaldr on Thu Sep 3, 2009 8:57PM EDT Report Abuse

    Wow. So what's the Traffic Bureau's doing with this scam.

  • 56 Posted by daveb897 on Thu Sep 3, 2009 3:37PM EDT Report Abuse

    For all you idiots wondering what the payoff is.. we'll the malware is basically ads running on your computer. OR it will try to trick you into giving you personal info such as social security number or credit card. Believe it or not but enough people buy stuff from the scammers to make it worth it.. If they didn't the scammers wouldn't do it. Most people are easily fooled into giving such personal info. They are called Dumb Asses.

  • 57 Posted by crystalsprings001 on Thu Sep 3, 2009 3:31PM EDT Report Abuse

    This is actually very ingenious. If the hackers pick it up a notch they'll probably have better luck. Ya know ... better looking tickets and a better web site. Everyone get's busy and that's what they're hoping for. People are also very protective of their cars. The plus for the hacker is a higher percentage of people will repond - the catch is the point of contact or placing the ticket on the car - they'll probably use some kids or homeless people to dispurse the tickets

  • 58 Posted by caridtaylor75@ymail.com on Thu Sep 3, 2009 3:18PM EDT Report Abuse

    I dont know alot about viruses. I can honestly say unless this has a web site directley to your county or city I wouldn't fall for it. But my question is what do they gain by someone getting the malware?

  • 59 Posted by jakent66 on Thu Sep 3, 2009 4:27PM EDT Report Abuse

    New Law; bullet in the back of the head for hackers. In real life; they get offers of jobs

  • 60 Posted by songofcat on Thu Sep 3, 2009 9:32PM EDT Report Abuse

    Not something that would work with me. Since I park legally, I'd be taking the ticket to the city to complain about being improperly ticketed, and the ruse would become apparent at that point. So, there's a simple answer, people... park legally!

  • 61 Posted by sun_octavian on Thu Sep 3, 2009 9:48PM EDT Report Abuse

    This isn't clever at all. All you have to do is call your local police station, read the ticket, and they'll let you know whether it's real or not. What idiot would go to a website in regards to a LOCAL situation.

  • 62 Posted by hophead828 on Thu Sep 3, 2009 4:20PM EDT Report Abuse

    Sounds to me to be a defense for not paying your ticket. Just say you would have staked your life that it was a phony ticket.

  • 63 Posted by spades_champ67 on Thu Sep 3, 2009 9:34PM EDT Report Abuse

    Sounds Like What They Did In Chicago IL A Few Years Back. They sent People Parking Tickets From Chicago IL. I Live In Olney IL. I received 5 Parking Tickets in Onc Month And Was Never There. I turned them Over to A Olney Police Officer To See What He Could Find Out.The Daley Politicians Were Trying To Scam People Out Of Money They Said A Faulty Computer Was Printing Up The Tickets And Mailing Them Out.

  • 64 Posted by alexshaw76 on Thu Sep 3, 2009 2:50PM EDT Report Abuse

    i think it would only be fair for the hackers to target only government cars judges senators and see if they can scam them as i don't really see a point for some of the practices these parking attendents use.

  • 65 Posted by candbev on Thu Sep 3, 2009 3:17PM EDT Report Abuse

    Anything to do with legal subjects I always have them checked out by the proper authorities. With that said, I once got a ticket for littering, based on what a person following me told a state police. He had said that I threw out some type of Pepsi container for which the rear tire, passenger side hit. I was traveling about forty mph in traffic. When I took the ticket to the police station, the issuing cop wasn't there, the other cops just laughed in disbelief. Needless to say that ticket was destroyed.

More Posts: First Prev 2 3 4 5 Next Last

Post a Comment

Sign In to Post a Comment

My Tech

Please enable your browser's cookies to activate the My Tech column.

Also on Yahoo! Tech

Computers Home Office Wi-Fi & Networking Phones & PDAs Cameras & Camcorders TV & Home Theater Portable Audio
 

Site Map | Tour | Subscribe to Yahoo! Tech

Question and Answer content at Yahoo! Tech is written by Yahoo! users at Yahoo! Answers. Yahoo! does not evaluate or guarantee the accuracy of any Yahoo! Answers content. For more information, read the Full Disclaimer.

Opinions expressed by the Advisors are their own and do not necessarily reflect the views of Yahoo! Inc. Yahoo! receives no compensation from any manufacturer or distributor nor does it compensate any Advisor for the coverage of any product or service in any Advisor's content.