From: Carey Cross
Date: 7 January 2016 at 11:35
Subject: Close Invoice Finance Limited Statement 1/1
Please find attached your latest statement from Close Brothers Invoice Finance.
Your username is 05510/0420078
Your password should already be known to you.
If you have any queries please contact:
For Credit Control: creditcontrolqueriesCBIF@closebrothers.com
For login help: email@example.com
If you’re considering growing your business or are simply looking for support with cash flow, visit our website to see how we can help www.closeinvoice.co.uk/cashflow
Close Brothers Invoice Finance
The sernder's name will vary, as will the attachment name. I have only seen a single sample at the moment with a detection rate of 2/54. Functionally, the payload is identical to that found in this earlier spam run, and it drops the Dridex banking trojan.