Thursday 12 November 2015

Malware spam: "FYI: INTERAC e-Transfer to Guillaume Davis accepted" / "Bank of Montreal [notify@payments.interac.ca]"

This fake financial spam leads to malware:

From:    Bank of Montreal [notify@payments.interac.ca]
Date:    30 September 2015 at 13:34
Subject:    FYI: INTERAC e-Transfer to Guillaume Davis accepted

Dear Customer

The INTERAC e-Transfer for $2997.60 (CAD) you sent to Guillaume Davis was accepted. The transfer is now complete.

Recipient's message:  A message was not provided

Thank you for using Bank of Montreal INTERAC e-Transfer Service.

Please follow the link below to download the transaction details:

https://storage-usw-11.sharefile.com/download.ashx?dt=dt7c26b2a7994b4070a947e9cd285718bb&h=u4fdqSy4IS59j0nzAr6RzZtYbrne3JpDFwd4YfEKKM0%3d

The link in the email downloads a file named "INTERAC e-Transfer transaction details.doc", which has a VirusTotal detection rate of just 1/53. Analysis of the malicious code within the downloaded document is pending; however, the use of sharefile.com is consistent with the delivery of the Dyre banking trojan.
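
A mail-triage check for the pattern described above (bank or INTERAC branding combined with a download link on a file-sharing host), as an added example that is not part of the original post. The host list and brand keywords are assumptions drawn from the lures on this page, and the sample message is constructed with a placeholder link.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlsplit, unquote

# Assumptions: hosts and brand words taken from the lures on this page.
FILE_SHARE_DOMAINS = ("sharefile.com", "sugarsync.com")
BRAND_WORDS = ("interac", "bank")
DOC_EXTENSIONS = (".doc", ".docm", ".xls", ".xlsm")
URL_RE = re.compile(r"https?://[^\s<>\"']+", re.IGNORECASE)

def on_domain(host, domain):
    """True for the domain itself or a subdomain, not for look-alike suffixes."""
    host = (host or "").lower().rstrip(".")
    return host == domain or host.endswith("." + domain)

def body_text(msg):
    """Concatenate the decoded text parts of a parsed message."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            chunks.append(raw.decode(part.get_content_charset() or "utf-8", "replace"))
    return "\n".join(chunks)

def triage(raw_message):
    """Flag bank-branded mail whose download link sits on a file-sharing host."""
    msg = message_from_string(raw_message)
    display, addr = parseaddr(msg.get("From", ""))
    claimed = " ".join((display, addr, msg.get("Subject", ""))).lower()
    brand = any(word in claimed for word in BRAND_WORDS)
    links = [u for u in URL_RE.findall(body_text(msg))
             if any(on_domain(urlsplit(u).hostname, d) for d in FILE_SHARE_DOMAINS)]
    doc_links = [u for u in links  # filename is only visible in some link styles
                 if unquote(urlsplit(u).path).lower().endswith(DOC_EXTENSIONS)]
    return {
        "brand_claim": brand,
        "file_share_links": links,
        "document_links": doc_links,
        "suspicious": brand and bool(links),
    }

# Constructed sample modelled on the lure above; the link is a placeholder.
SAMPLE = """From: Bank of Montreal <notify@payments.interac.ca>
Subject: FYI: INTERAC e-Transfer to Example Person accepted

Please follow the link below to download the transaction details:
https://storage.example-tenant.sharefile.com/download.ashx?dt=PLACEHOLDER
"""
```

`triage(SAMPLE)` marks the message suspicious on the brand and host mismatch alone, which matters here because the ShareFile-style link does not expose the document name in its path.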

1 comment:

Unknown said...

I've had a very similar one from Toronto Dominion bank with a different recipient name. Link was https://app.sugarsync.com/wf/D3918429_7/getfile/584_416206879/INTERAC%20e-Transfer%20transaction%20details.doc?browserOS=Windows