Home Virusfree Solutions Resources Customers and support Company Blog
Customer portal CZ Try Virusfree

Malware is trying to infect businesses, abusing real email messages

In recent days we have seen a very interesting and unusual phishing campaign that has a great chance of success.

December 18, 2019

Over the past few days, messages from a new targeted spam campaign have begun to appear in our email antispam filters. Crooks are trying to increase their chances of success in an interesting way. The used principle gives it a fairly good chance. Therefore, representatives of companies should be especially careful.

This is a spear phishing campaign, a kind of targeted fishing. This type of attack is not a blanket hit by as many victims as possible, but is targeted very accurately. This is also the reason why these events tend to be smaller and more inconspicuous, but the individual damage may be much worse.

The current campaign is characterized by the victim receiving an email from their real business partner. It is also a response to the original real victim's mail. So at first glance everything seems to be very legitimate.

However, the attacker had previously stolen a real mail with all the essentials from the business partner's mailbox. Crook generates a reply to it from its own mailbox, in which it issues an invoice or sends an order. The message is, of course, false, but an inattentive victim can easily consider it to be genuine and open the attachment.

Mail looks like a very simple call to action:

Sehr geehrter Kunde,

wann werden Sie an dem diesem dokument weiterarbeiten und fertigstellen? Seit Montagnachmittag konnte ich keine Fortführung erkennen.

(URL)

Für weitere Infos verbleiben wir gerne zur Verfügung.

Viele Grüße

The campaign can be very successful because the victim receives a response to an email that has been actually written and sent in the past. Moreover, it is from the right and well known source. Therefore, the recipient has no reason to suspect the information and opens the attachment.

In addition, current anti-viruses have so far [failed to identify] (https://www.virustotal.com/gui/file/e3bcf16048358061a282a4a6b4702415a4b98552db8a18c4fac559d23aa95a07/detection) the payload, so there's a high chance of getting infected.

Read other articles

Resources you might find useful

Enhance cyber security Education

The education sector is one of the most common targets of cybercrime and, despite having been involved in numerous high-profile attacks, it...

Cyber security in local Government

Cybersecurity in local government is a growing concern for anyone interested in how digital technology is impacting our political system....

Lost emails

Though many people would laugh at the idea of an email going ‘missing,’ it’s a surprisingly common issue. While email was a fairly...

Cyber security in Financial services

Cybersecurity is one of the financial sector's most significant concerns. In 2017, attacks against financial services firms increased by...

Don't miss anything! Use our newsletter...

Company

Excello s.r.o

CRN: 27444899

VAT number: CZ27444899

Prague, Czechia

Contact

info@virusfree.cz support@virusfree.cz

Useful links

Customer portal Help
Home Virusfree Solutions Resources Customers and support Company Blog Free trial

This website uses first and third party cookies for advertising purposes. By clicking "Accept", you consent to the use of cookies. Read more about these cookies.

Decline Accept