Sponsored by..

Monday 11 January 2016

Malware spam: "Invoice No 39830 from CHEVRON ALARMS LTD A/C LA 6130AD38"

This fake invoice comes with a malicious attachment:

From:    Tracy Simpson
Date:    11 January 2016 at 12:56
Subject:    Invoice No 39830 from CHEVRON ALARMS LTD A/C LA 6130AD38

Please ensure that you keep us informed of any changes in your Bank Account details as you may need to set up a new Direct Debit mandate.

If you no longer wish to continue payment via Direct Debit after the minimum term of 12 months has elapsed then Payments can also be made via our website www.chevronalarms.com, click on payments tab and choose to make a payment via PayPal. Please quote the Invoice number 39830 and your Account Number LA MOT01.

Alternatively you can call the office on    01784 438822 and pay directly by Debit or Credit Card.

Please note that we make no additional charge for payment by Visa or MasterCard Credit or Debit cards, however there will be a 4% handling charge if payment is made via American Express.

Bank Payments may also be made to HSBC Bank PLC - Egham Branch
Sort Code 40-20-34
Account 6130AD38
Please quote reference 39830

  Kind regards

  Chevron Alarms

  Tel:  01784 438822

  Fax: 01784 438970

  Email: service@chevronalarms.com

  Chevron Alarms
  Unit 10, Eversley Way, Thorpe Industrial Estate, Egham, Surrey, TW20 8RG

Registered in England: Registration No. 6143385, VAT No. 4388019 32
There are several different versions with different attachment, with low detection rates [1] [2] [3] and the Malwr reports [4] [5] [6] indicate that this is the same Dridex banking trojan as described here.


Unknown said...

Thank you for putting this online, we received one of these emails today and wanted to check before opening the attachment as it looked legitimate and when you google the phone number it is a real company.

Titania Magic Box said...

I too received more than one of these invoices and I googled the telephone number and it is indeed Chevron Alarms Limited but I did not open the invoice because I have not used the company and do not intend to either. I think that the company must have been compromised and perhaps do not realise it perhaps? Thank you for advising us though.

Titania Magic Box said...

I too received around about three of these emails and they asked for a bill to be paid but the thing is several people sent the email different every time. The telephone number was genuine which made me wonder if their website had been compromised. I did not open the attachment as I know it to be a virus as I have never used this company and do not intend to either being a pensioner!! A wise one at that.