UKPC are a nationwide company that controls parking on private property throughout many parts of the UK. They issue non enforceable penalty notices.
This report is alerting individuals to a current malware delivery campaign using the UKPC logo and imitation of their website to scam recipients and steal banking details. These campaigns are generally very well done and use sites that resemble strongly the genuine UKPC Appeals site ukpcappeals.co.uk.
The current domain being used in this malware delivery scam is ukpcappeals.org which is a look-a-like, typo-squatted domain name. They seek to socially engineer the recipient to open an attachment which ultimately downloads Gootkit banking trojan.
These malicious attachments normally have a password stealing component, with the aim of stealing your bank, PayPal or other financial details along with your email or FTP log in credentials.
Many of them are also designed to specifically steal your Facebook and other social network log in details. A very high proportion are ransomware versions that encrypt your files and demand money (about £350/$400) to recover the files. The linked report provides additional IOCs.
With thanks to the Cyber Defence Alliance. The full report is here: https://myonlinesecurity.co.uk/gootkit-banking-trojan-via-fake-ukpc-parking-penalty-appeals/
Find out how affordable cyber security awareness training is for your organisation. Get a quote now.