Collaborate Disseminate
This example is an email containing the subject of “Incoming high value CHAPS payments” pretending to come from HSBC but actually coming from “Olivia.Brown@hsbcemail.net” which is a look-a-like, typo-squatted or other domain th… Continue reading Trickbot via Fake HSBC “Incoming high value CHAPS payments” emails
A nice simple, straightforward Trickbot campaign hitting UK this Morning. This example is an email containing the subject of “Reference: BACS09280981 ” pretending to come from Lloyds Bank but actually coming from “O.Wilson@lloydsbankc… Continue reading trickbot via Fake Lloyds bank “Reference: BACS09280981 ” malspam emails
A bit of a change with the Trickbot delivery system with this example. Instead of directly attaching a malicious macro enabled word doc or other Microsoft Office file to the email, it instead has a html attachment and a link in the email body that whe… Continue reading Trickbot via Fake Bank Of America Secure Message
We have had just over a one week break from Trickbot being distributed via Malspam and Spear phishing style emails. But it is a new month and the Trickbot gang have their quotas to meet, so they are back with their usual malspam campaigns. They conti… Continue reading trickbot still being delivered by fake payroll emails
I found a marginally interesting phishing scam in my server quarantine folder overnight. The main reason for posting this today is the way the scammer is performing the phishing scam. Unlike many similar scams, there are no direct links to any website…. Continue reading Tax Clearance Certificate phishing scam
We are seeing a malspam campaign with emails pretending to be e-tickets from Ticketsales.com This looks like it is a new Ursnif banking trojan version, that is now currently being investigated by several researchers and AV companies. I really don’… Continue reading Fake ticketsales.com e-tickets scam delivers ursnif banking trojan
Trickbot are continuing with their malware spreading campaigns using Office Macros, particularly Excel spreadsheets with macros. Today’s example is an email pretending to be an invoice for nearly £35,000 containing the subject of “FW: Inv… Continue reading Trickbot delivered via fake Intuit “FW: Invoice #3989021 ” email
The criminals behind the Trickbot banking trojan are continuing to use Deloitte as a lure. Somebody at Deloitte must have really annoyed them, because it is very unusual for the same company to be targeted and used as the lure several days in a row, … Continue reading Yet another fake Deloitte email “RE: Company records ” delivers Trickbot
This malware delivery campaign is a bit of a disaster, but of course, the more unbelievable it is the more victims seem to fall for it. The email looks like a 4 year year old child has cut & pasted bits from different emails or images to get someth… Continue reading Danabot delivered via fake DPD delivery notification
The second of Today’s Trickbot campaigns is a US targeted version this evening. Yesterday they also used Deloitte as the lure. This example is an email containing the subject of “FW: Financial Statements ” pretending to come from De… Continue reading Another Fake Deloitte email “FW: Financial Statements” delivers Trickbot