"Urgent," warns the genuine Ministry of Justice. "We are aware that a large number of people have received a scam 'REMINDER NOTICE DO NOT IGNORE' email. This is not an email from the Ministry of Justice and you should not click on any of the links contained within it."
The email ticks many of the classic social engineering buttons, including fear and curiosity. "The amount of £70.00 is now due if payment not received within 28 days, an additional 40.00 administration charge will be incurred. Failure to pay the full outstanding balance within 14 days of the date of this notice could result in the outstanding balance being registered as a debt against you. You will also become liable for additional costs and interest invoiced. Your ability to obtain credit in the future could be affected."
That's the fear factor. "We are holding photographic evidence on file to support this claim;" copies of which are attached, provides the curiosity factor. Recipients will be tempted to view the attachment to check the evidence against them.
In general, the email is well produced and persuasive. It carries the Ministry of Justice logo and includes few errors. There is one error where a fullstop and new sentence is required "is now due," but it does not contain the frequency of errors that often indicate scams.
Little else is yet known. The MoJ warns against clicking links (which could lead to malicious sites), while the police (ActionFraud) suggest the attachment will contain a virus. It is not yet known if it does, nor if so, what malware is contained. Infosecurity has asked the anti-virus industry if it has any further details on the scam, and will update this story as it learns more.
In the meantime, says ActionFraud, "If you receive one of these emails, delete it, do not download the attachment and report it to us."
Update
Most of the anti-virus companies have not yet come across this particular scam (which does not mean, of course, that their products would not recognize any included malware). Nevertheless, David Harley, a senior research fellow at ESET, provided the following comment: "The article [on the ActionFraud website] clearly suggests that there is a maliciously-intended attachment, but it isn’t necessarily malware in itself: there’s always a risk (from the criminal’s point of view) that malicious code will be detected straight off at the perimeter. After all, we all know about malicious attachments by now. So it’s common for the initial attachment to be the first stage in a multi-stage process involving a chain of web accesses with unequivocal malware being downloaded and installed at the end, in the hope that automated detection will be bypassed. It’s not really an either/or attachment versus URL issue, since the attachment may be a downloader that simply kicks off the process. It could, of course, also be a booby-trapped document of some sort, like those that we associate with spearphishing."