Sponsored by..

Thursday 26 May 2016

Phish: "Please find attached telegraphic transfer copy for payment made to your account today."

At first glance this spam looks like malware, but it appears to be a phish instead:

From:    General trading ltd [info@7studio.co]
Date:    26 May 2016 at 05:04
Subject:    Payment

Dear Sir/Ma'am!

As requested by our customer
Please find attached telegraphic transfer copy for payment made to your account today.

Kindly confirm once you received this payment.


Muhammad Farooq
Exchange Manager,
MCB New Garden Exchange
U.A.E (1080)
Contact: 971-35866698 - 03004278636


This E-mail is confidential. It may also be legally privileged. If you are not the addressee you may not copy, forward, disclose or use any part of it. If you have received this message in error, please delete it and all copies from your system and notify the sender immediately by return E-mail. Internet communications cannot be guaranteed to be timely, secure, error or virus-free. MCB Bank does not accept liability for any errors or omissions.

Attached is a file TT-USD.pdf .. as a rule I would recommend not opening PDF files or other attachments from unknown sources. When you open the file it looks like this:

Yes, it does look that blurry. The enticement here is to click the link in the document, which is something I wouldn't recommend that you do because it could lead to a malicious download, exploit kit or in this case a simple phishing page hosted on poloimport2012.com.

This seems to be phishing for general webmail credentials. Of course, once a hacker has those they can use your account to send spam or even rifle through your private emails and reset passwords and gain access to other important accounts.

Signing in with any credentials appears to fail, but of course the bad guys have just harvested your password..

As I said, I don't recommend opening files like this and clicking links to see where they go. I use a test environment to do this, but some similar spam emails can deliver malware that will silently plant itself on your computer which can be even more dangerous than this phish.

No comments: