Fake email (PCN) Parking Charge Notice from Havering London Borough

MX Lab, http://www.mxlab.eu, started to intercept a new malware distribution campaign by email with the notification of a parking chare note from Havering London Borough

Email Reporting Service (PCN) ID: IBC/237
Email Notification Service (PCN) Record ID: NWT/99
Email Reminder Service (PCN) Record ID: MHD/611

This email is send from the spoofed addresses:

The London Borough of Havering <notification@haveringborough.com>
The London Borough of Havering <notice@haveringborough.com>
The London Borough of Havering <support@haveringborough.com>
The London Borough of Havering <mail@haveringborough.com>

The email has the following content:

Havering London Borough
Traffic Management Act 2004 by Regulation 9 of the Civil Enforcement of Parking Contravention (England) General Regulation 2007
Service by Civil Enforcement Officer

(PCN) Parking Charge Notice

Date of Service of The Notice: 14/02/2017
Was Seen On : Kirton Close
By Attendant: 13955 – Who believed that violation was being committed
Neglection: Parked after the expiry of paid for time
At 12:46 On: 14/02/2017
If you don’t agree with the penalty, you can raise an objection the fine.

Take a look Video/Photographic Evidence of Your PCN
Protest The Ticket
A penalty bill is now payable and must be paid not later than the final day of the time slot of 28 days beginning with the date on which this penalty charge notice was given, otherwise the penalty fine will reduce by 50%.

© Copyright The London Borough of Havering 2016
Powered by Jadu Continuum. Handcrafted by Spacecraft. Havering London Borough

Screenshot of the email:

The embedded URL Check video takes you to the site hxxp://bungy.com.au/wp-admin/includes/tmcpjdl/toqxhscx.php which in turn will redirect you to hxxp://xpw3.haveringborough.com/data/36110_BD/info_send/00029938/penalty_view.php.

On this page you need to confirm the captcha code and then the file 5ew5D.zip is downloaded (file name will change with each download).

The extracted file Ticket_Evidence_DOC0337-P2.js is a malicious Javascript. The malware is detected by 2/55 AV engines at Virus Total.

The official site is located at https://www.havering.gov.uk/ and Havering London is also warning for this email scam on their homepage at this time.

3 thoughts on “Fake email (PCN) Parking Charge Notice from Havering London Borough

  1. My boss received this email and opened it numerous times.
    AVG recognized it once and quarantined it.
    With scans with AVG, NOD32 and Malwarebytes – Nothing has now been detected on the system.
    Is there a need to worry about the fact the script was run numerous times?
    He is worried that if he does internet banking etc, it may not be safe.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s