[Wolves] Phishing emails

Ron Wellsted ron at wellsted.org.uk
Wed Apr 23 11:04:05 UTC 2014


Just a warning, there are a large number of emails doing the rounds
today (1 every 2-3 minutes).

The most frequent has the subject of "FW : Incoming CHAPS" from various
addresses at natwest.com.  Fortunately, the senders appear to be
incompetent (or very sneaky, lulling sysadmins into a false sense of
security) as the attachment contains the word "turbom" (insert
conspiracy theories here about this word as a trigger).

The second one is more traditional with a zip file as an attachment
which contains a Windows executable masquerading as an invoice. The
subject line is "from $somebody" with the from: address as "$somebody
<$random_email address>".  The message body is "Hi!Why your phone
swicthed off ? Or did you think it's normal that my the debt for
serivces has not been paid so far? I remind ,that debt amounts
£$random_amount, and I'll just have to contact the police if you
continue hiding . Bank account with invoice for payment attahced to this

Be on your guard if running Windows and save yourself time & pain by
warning your users.

Ron Wellsted
ron at wellsted.org.uk http://www.wellsted.org.uk
Call Sign: M0RNW, Linux Counter No. 202120
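
A mail-filter style check for the second email described above, as an added example that is not part of the original post: it opens zip attachments and reports members that have an executable extension or start with the `MZ` header. The function names, the extension list and the sample message are assumptions constructed for illustration; checking the file header as well as the name goes slightly beyond what the post describes.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".com", ".pif")  # assumed list, extend as needed


def executable_members(raw_message: bytes):
    """Return (attachment, member) pairs for zip members that look like Windows executables."""
    hits = []
    msg = message_from_bytes(raw_message, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):  # trust content, not the declared type
            continue
        name = part.get_filename() or "(unnamed)"
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    suspicious = info.filename.lower().endswith(EXEC_EXTS)
                    if not suspicious and not info.flag_bits & 0x1:  # bit 0 = encrypted
                        with zf.open(info) as fh:
                            suspicious = fh.read(2) == b"MZ"  # DOS/PE header magic
                    if suspicious:
                        hits.append((name, info.filename))
        except (zipfile.BadZipFile, NotImplementedError, RuntimeError):
            continue  # unreadable archive: leave it to other controls
    return hits


def build_sample() -> bytes:
    """Constructed sample message; the 'executables' are harmless 64-byte stubs."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("invoice.exe", b"MZ" + b"\x00" * 62)
        zf.writestr("statement.pdf", b"MZ" + b"\x00" * 62)  # wrong extension, MZ header
        zf.writestr("readme.txt", b"constructed test data")
    msg = EmailMessage()
    msg["From"] = "somebody <sender@example.invalid>"
    msg["To"] = "user@example.invalid"
    msg["Subject"] = "from somebody"
    msg.set_content("constructed body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(executable_members(build_sample()))
```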
