Fake 'Important matter' SPAM - delivers unknown malware
28 Mar 2017 - "This email was forwarded to me by a contact who works for a public service agency. I have redacted the actual recipient's domain and any email address. There is a 'Charmaine' [redacted] living at the address listed according to Google searches. I am sure that there will be a lot of other emails with other real details that will really scare the recipients into opening these emails and being infected. They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium-sized businesses, with the hope of getting a better response than they do from consumers. Remember, many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain .com >. That is why these scams and phishes work so well... The email looks like:
From: Antony Gfroerer <antongfoufou@ wanadoo .fr>
Date: Tue, 28 Mar 2017 09:37:38 +0000
To: Charmaine [redacted] <c*********@ [redacted]>
Attachment: victim.dot (renamed from recipients name)
I am disturbing you for a very important matter. Though we are not familiar, but I have considerable ammount of information concerning you. The matter is that, most probably mistakenly, the data of your account has been sent to me.
For example, your address is:
5 [redacted] Lane
Perthshire and Kinross
I am a lawful citizen, so I decided to personal details may have been hacked. I pinned the file – victim.dot that that was emailed to me, that you could find out what information has become accessible for fraudsters. File password is – 2131
I look forward to hearing from you,
Antony Gfroerer ...
victim.dot - Current VirusTotal detections 0/55*. Payload Security** is unable to analyse as an unsupported format. MALWR*** shows nothing... I am informed that they download:
galaxytown .net/store/read.gif and effeelle .eu/img/logo.gif, which appear to be genuine gif files from the headers, although they refuse to display as any sort of image file and must contain some sort of embedded malware content... DO NOT follow the advice they give to enable macros or enable editing to see the content... The basic rule is NEVER open any attachment to an email, unless you are expecting it..."
galaxytown .net: 188.8.131.52: https://www.virustotal.com/en/ip-add...5/information/
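The "looks like a GIF from the headers but will not display" observation above is a common pattern with second-stage downloads: the first six bytes are a real GIF signature (GIF87a/GIF89a), and the rest is something else. A quick triage check is to go beyond the signature and walk the GIF block structure to the 0x3B trailer, then ask two questions: does it parse at all, and is there data after the trailer? The script below is an added example (not code from the blog post or the forum poster). It runs on constructed sample bytes rather than the real read.gif/logo.gif, which are not reproduced here: a genuine 1x1 GIF, the same GIF with a payload appended after the trailer, and a bogus file that is only a GIF signature in front of an MZ stub.

```python
import struct

# Added example: structural triage of files that carry a GIF signature.
# The sample bytes below are constructed for the demo, not the real downloads.

GIF_MAGICS = (b"GIF87a", b"GIF89a")


def _color_table_size(packed):
    """Size in bytes of a global or local colour table, 0 if the flag bit is clear."""
    if packed & 0x80:
        return 3 * (2 ** ((packed & 0x07) + 1))
    return 0


def _skip_sub_blocks(data, pos):
    """Advance past a chain of data sub-blocks; return the offset after the 0x00 terminator."""
    while True:
        if pos >= len(data):
            raise ValueError("truncated inside data sub-blocks")
        length = data[pos]
        pos += 1
        if length == 0:
            return pos
        pos += length
        if pos > len(data):
            raise ValueError("data sub-block runs past end of file")


def inspect_gif(data):
    """Walk the GIF structure; report whether it parses and how many bytes follow the trailer."""
    report = {"magic_ok": False, "parsed": False, "frames": 0,
              "trailing_bytes": 0, "error": None}
    if data[:6] not in GIF_MAGICS:
        report["error"] = "no GIF signature"
        return report
    report["magic_ok"] = True
    try:
        if len(data) < 13:
            raise ValueError("truncated logical screen descriptor")
        _width, _height, packed = struct.unpack_from("<HHB", data, 6)
        pos = 13 + _color_table_size(packed)          # skip the global colour table
        if pos > len(data):
            raise ValueError("truncated global colour table")
        while True:
            if pos >= len(data):
                raise ValueError("end of file before 0x3B trailer")
            introducer = data[pos]
            pos += 1
            if introducer == 0x3B:                    # trailer: the image ends here
                break
            if introducer == 0x2C:                    # image descriptor (9 bytes)
                if pos + 9 > len(data):
                    raise ValueError("truncated image descriptor")
                local_packed = data[pos + 8]
                pos += 9 + _color_table_size(local_packed)
                pos += 1                              # LZW minimum code size
                pos = _skip_sub_blocks(data, pos)     # compressed pixel data
                report["frames"] += 1
            elif introducer == 0x21:                  # extension block
                pos += 1                              # extension label
                pos = _skip_sub_blocks(data, pos)
            else:
                raise ValueError(
                    "unexpected block introducer 0x%02x at offset %d" % (introducer, pos - 1))
        report["parsed"] = True
        report["trailing_bytes"] = len(data) - pos
    except ValueError as exc:
        report["error"] = str(exc)
    return report


def verdict(data):
    """Collapse the report into a single triage label."""
    r = inspect_gif(data)
    if not r["magic_ok"]:
        return "not-gif"
    if not r["parsed"]:
        return "gif-signature-but-malformed"
    if r["trailing_bytes"] > 0:
        return "gif-with-appended-data"
    return "well-formed-gif"


# Constructed samples (not the files from the blog post).
REAL_GIF = (b"GIF89a" + b"\x01\x00\x01\x00\x80\x00\x00" + b"\x00\x00\x00\xff\xff\xff"
            + b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00" + b"\x02\x02\x44\x01\x00" + b"\x3b")
GIF_WITH_PAYLOAD = REAL_GIF + b"MZ\x90\x00 constructed appended payload"
FAKE_GIF = b"GIF89a" + b"\x01\x00\x01\x00\x00\x00\x00" + b"MZ\x90\x00 constructed fake body"

if __name__ == "__main__":
    for name, blob in (("real", REAL_GIF), ("appended", GIF_WITH_PAYLOAD), ("fake", FAKE_GIF)):
        print(name, verdict(blob), inspect_gif(blob))
```

Two caveats when using this on real downloads: "well-formed-gif" only means the container parses, not that the file is benign (a payload can be hidden inside valid image data or in extension blocks that this walker skips over), and "malformed" is a prompt to look at the bytes after the signature with a hex viewer or a file-type tool, not a conviction on its own.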
'Message from IT' - Phish
28 Mar 2017 - "... slightly different than many others and much more involved and complicated. It pretends to be a message from IT support to update webmail to use Office 365 / Outlook web access...
This email has a genuine PDF attachment:
If you follow the link inside the pdf you see a webpage looking like this:
[ http ://radioclassicafm .com.br/lr/barracuda/barracuda/index.html ]
After you input your email address and password, you get told 'incorrect' details and forwarded to an almost identical looking page where you can put it in again:
Then you get sent to an imitation of the Google Verification page where they ask for either your phone number or alternative email address...
Then you get a 'success' page... All of these emails use social engineering tricks to persuade you to open the attachments that come with the email..."
radioclassicafm .com.br: 184.108.40.206: https://www.virustotal.com/en/ip-add...6/information/