Expert: Fake UND parking tickets a new phishing tactic
GRAND FORKS - Whoever has been issuing phony parking tickets in Grand Forks trying to lure people to a malicious Web site may be on the cutting edge of Internet phishing.
"Truly, I have not seen such a creative approach in starting the infection chain before," said Lenny Zeltser, a computer security expert who caught wind of the scheme and analyzed the virus-laden site the tickets suggest visiting.
While the virus the site transmits is run-of-the-mill, Zeltser said, the ploy to ensnare people is innovative in the way it merges the physical and virtual worlds. Phishing scams typically are limited to the Internet and don't make solicitations elsewhere.
The tickets have turned up on vehicles in parking lots at UND, Columbia Mall, Altru Hospital and Hugo's grocery store on Columbia Road, according to various reports.
The tickets are yellow and say: "PARKING VIOLATION This vehicle is in violation of standard parking regulations. To view pictures with information about your parking preferences, go to HORRIBLEPARKING.COM."
Zeltser bravely paid that site a visit as part of his volunteer work for the Maryland-based SANS (SysAdmin, Audit, Network, Security) Institute, which researches information security and offers specialized training on the topic.
At the site, Zeltser found photos of poorly parked vehicles that, as far as the New Yorker could tell, are local. One photo he posted on a SANS blog shows a sport-utility vehicle straddling yellow lines in what appears to be the lot in front of Gordmans department store in Grand Forks. Embedded in the photos was information that told what type of camera was used and that the photos were edited to blur the license plates.
Zeltser, who works as a computer security consultant, went through the steps to contract the virus but ran out of time before he could discover its ultimate goal. He suspects the scheme could have the following intentions:
1) to enslave computers as "bots," PCs remotely controlled for the purpose of disseminating spam or launching attacks to crash Web sites
2) to install spyware in computers to obtain users' personal or financial data
3) to trick victims into buying fake anti-virus software
"Ultimately, the motivation is financial because nobody's doing it for kicks," he said.
Emphasizing that these are all just theories, Zeltser added that somebody might be getting paid to distribute these fliers, possibly making money every time somebody gets taken in.
Zeltser said the strategy is clever because people are more trusting in the physical world. "I imagine we'll be seeing such approaches more often," he wrote on the blog.
But it's hard to say how well this apparently new strategy in phishing is working. The Herald has heard of several reports of tickets being found on vehicles, but so far only two people are known to have contracted the computer virus.
Grand Forks Police officials said Wednesday the department hasn't received any reports of the fake tickets, but officers have been told to watch for them and complete a criminal report if any are found. The city has an ordinance against posting fliers on vehicles, Lt. Mark Nelson said.
Anyone with information regarding these tickets should call Grand Forks police at (701) 787-8000 or UND police at (701) 777-3491.
- On the Web: SANS Institute: http://isc.sans.org/diary.html?storyid=5797