Gootkit banking Trojan via Fake UKPC parking penalty appeals

I am hearing about a return of the fake UKPC parking charge appeals scam which has been quiet for about 1 year. At this time I don’t have a copy of the email that was received by the victim, only the link that was in it. I assume the email will be very similar to the ones described in these 2 posts [1] [2].

UKPC are a nationwide company that controls parking on private property throughout many parts of the UK. They do not ( as far as I can tell) control on street parking on behalf of any Local Authority in the UK. There is a lot of information on the internet suggesting UKPC are a scam or less scrupulous company that regularly breaks the law and issues non enforceable penalty notices, for spurious “offences”. I am not going to get into the argument over private parking companies sending out penalty notices here. This post is alerting to a current malware delivery campaign using the UKPC logo & imitation of their website to scam recipients & steal banking details.

These campaigns are generally very well done & use sites that resemble strongly the genuine UKPC Appeals site ukpcappeals.co.uk.

The current domain being used in this malware delivery scam is ukpcappeals.org which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site. The criminals behind this scam have made it much more diffic ..