False Invoice Due email with password protected attachment delivers malware

This generic email with the subject of “Invoice Due”, coming from help@simplexhealthcare.info with a malicious password-protected Word doc attachment, does eventually deliver some sort of malware. Recently password protected word docs have…

Trickbot delivered via fake HMRC “FW: Unpaid Invoice 17.07.2018”

This example is an email containing the subject of “FW: Unpaid Invoice 17.07.2018” pretending to come from HMRC but actually coming from a look-a-like or typo-squatted domain “Melanie.Moran@hmrcco.uk” with a malicious word doc…

Fake ADP “Past due invoice 07.16.2018 ” malspam delivers Trickbot

This example is an email containing the subject of “Past due invoice 07.16.2018 ” pretending to come from ADP but actually coming from a look-a-like or typo-squatted domain adp-invoice.co.uk with a malicious word doc attachment that pret…

Fake URGENT PAYMENT FOR OVERDUE INVOICES delivers Formbook

An email with the subject of “FW: URGENT PAYMENT FOR OVERDUE INVOICES” pretending to come from FINANCE <salgar@dgkw.com> with both a malicious word doc and an Excel XLS spreadsheet attachment delivers Formbook. These attachments…

Fake Screwfix Copy of invoice A5165059014. Please find your invoice attached. delivers Locky ransomware

The next in the never-ending series of Locky downloaders is an email with the subject of “Copy of invoice A5165059014. Please find your invoice attached.” pretending to come from online@screwfix.com. They use email addresses and subjects that will entice, persuade, scare or shock a recipient to read the email and…

Another change with Locky delivery methods today. Payload embedded in a large .js file

The next in the never-ending series of Locky downloaders is an email with a blank / empty subject pretending to come from random names and email addresses. The body content pretends to be an invoice notification. There are no attachments with these emails but a link in the email body…

Email credential phishing via fake Emirates Bank Statement and fake generic proforma invoice scams

We see lots of phishing attempts for email credentials. This morning we are seeing a series of “attacks” using Adobe as the lure. So far I have seen 2 different ones. Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and…

More random company fake invoices delivering Locky Ransomware again today

The next in the never-ending series of Locky downloaders is an email with the subject of “Status of invoice A2178050-11” (random numbers) pretending to come from random names with a from address of ordering@ random companies. The subjects all start with “Status of invoice A217” with 4 extra digits…