Author: Olly

  • Thaddeus Mcconnell – My resume | SCAM – VIRUS | Clever!

    Another Word document attachment virus, but this one with a different approach from the recent invoice/financially orientated ones.

    It looks very much like a fairly normal email; the email address even matches the person’s name:

    ThaddeusMcconnell@businessemail.co.uk

    Although it’s obviously from a free email provider so that wouldn’t be too hard to set up. The content of the email is fairly normal too.

    Hi, My name is Thaddeus Mcconnell Please find my resume in the attachment.  Thank you, Thaddeus

    Gmail’s spam filters kicked in straight away with this one, I think because the file attachment is a zip file, which must have triggered the spam filters to scan it earlier than if it was just a Word document or something.

    Thaddeus Mcconnell - my resume.zip

    I did wonder if this was actually a genuine request and the chap just happened to have a virus himself and sent it unwittingly, but there is something about it that just makes me think it’s an intentional scam. I think it’s the “Business” email – it just sets alarm bells off for me.

    Anyway, real or not, Gmail did the work and marked this as a Virus.

    Delete and move on, people.

  • Debit Note [40822] information attached to this email | SCAM – VIRUS – DODGY EMAIL

    These seem to be flooding in recently, not sure how or why I’ve started to get so many – maybe some of my scam-baiting has got me on some “To scam” lists 🙂 It’s also worrying that many of them are not being blocked by Google and they are actually ending up in my Gmail inbox.

    Anyway, the format of this recent batch has been similar, some kind of financial related email that will almost always entice you to open the attachment. Please don’t, especially in Microsoft Word as Word documents can contain macros, and macros are basically mini executable scripts that can do or get other things to do nasty stuff to your computer.

    This one was from Terri Tyler <Sean.33@sec-pc.skbroadband>

    Attachment filename: 39533803.doc

    Gmail creates a thumb of the document if it can, and you can actually see this one is full of crap – looks like code but I’ve not opened it as the macros are usually behind passwords and I haven’t got time to decrypt them so it would be pointless.

    Don’t open any attachment from any person that you don’t know or that you cannot confirm is a genuine person/organisation.

    No genuine company would send an invoice or “Debit note” in a blank email from a mismatched name & email.

    Mark the email as Spam so your email provider’s spam filters can learn and block the email from reaching other people.

  • Invoice ID:48cac1753 in attachment | SCAM – VIRUS

    Seem to be getting a lot of these recently – they are slipping through the Gmail spam filters and Gmail doesn’t instantly pick up they are dodgy. After a while it marks the attachment as a virus but not straight away.

    If you’re ever unsure what to do or if things like this are real, then try and attempt to open it in Google Docs – don’t download it and open it in Word.

    Email from Laurel Barry – Porfirio.51@ususmal.net

    If you receive something in your inbox and are not sure about it, send it to me and I will be happy to take a look and advise you from there 🙂

  • Outstanding Invoice SCAM

    A friend of mine forwarded me an email that he had identified as a scam. It contained a brief message and a Word document attachment; let’s take a closer look:

    From: “Jerry Donovan” <Kristina.a51@motogalos.pt>
    Date: 16 Mar 2015 14:38
    Subject: Outstanding invoices – 563339 January
    To: “chris” <chris@btinterwebs.com>
    Cc:

    Dear Sirs,

    Kindly find attached our reminder and copy of the relevant invoices.
    Looking forward to receive your prompt payment and thank you in advance.

    Kind regards
    Jerry Donovan

    So receiving some email about an outstanding invoice isn’t anything out the ordinary, it’s all spelled correctly and ‘Jerry Donovan’ sounds trustworthy, right?

    Hmm – the first thing I noticed was the email address. Surely a legitimate email would be jerry.donovan@something.com? This guy seems to be Kristina.a51@motogalos.pt? That’s not very professional?

    I also opened the attached file; if Gmail allowed it to arrive in my inbox then it didn’t contain a virus.

    563339.doc

    It was a blank Word document with some macros (which are like mini programs) embedded into it; they were supposed to run when I opened the file. I tried to edit the macros to see what they did but it was all passworded, tried to crack the password but it didn’t work first time and I’m far too busy to sit doing that all night 🙂

    My version of Word completely disabled the macros as it opened the file so no harm done. Older versions of Word may not do this, or if you open it in something else you may find you have problems.

    The whole point of this is to make you think “Wait, what invoice?” then see it’s only a harmless Word document so you open the file and boom, whatever the macro ‘virus’ was designed to do has just been done.

    It could probably trigger a file download from somewhere, or reset/steal/wipe certain information from your computer. Yes, even Word documents can be dangerous.

    Macro viruses are fairly uncommon now; they were big back in the day but things have moved on a lot now. I guess people have forgotten about them as “It’s only a Word document!?”… Yeah well a simple Word doc infected 20% of computers worldwide back in 1999.

    You’ll never look at a .doc file the same again 🙂

    Thanks for the submission, Chris!

    If you receive something that looks dodgy, then please forward it to scams@0lly.uk or use the form I’ve set up and I’ll check it out for you 🙂
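
The checks these posts apply by eye (sender name versus address, blank body, attachment type) can be run over a raw message. This is an added Python example, not part of the original posts: the extension list, the finding labels and the `triage`, `name_matches_address` and `build` helpers are assumptions, and the sample messages are constructed from the senders and file names quoted above with dummy attachment bytes.

```python
import os, re
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

RISKY_EXT = {".doc", ".docm", ".zip"}          # assumed list; the posts saw .doc and .zip
OLE_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office container, can hold VBA macros
ZIP_MAGIC = b"PK\x03\x04"

def name_matches_address(display, addr):
    """True if any word of the display name appears in the address local part."""
    local = addr.split("@")[0].lower()
    words = [w for w in re.findall(r"[a-z]+", display.lower()) if len(w) > 2]
    return any(w in local for w in words)

def triage(raw):
    """Return a list of findings for one raw RFC 5322 message (bytes)."""
    msg = message_from_bytes(raw, policy=policy.default)
    display, addr = parseaddr(str(msg["From"]))
    findings = []
    if display and not name_matches_address(display, addr):
        findings.append("display-name-mismatch")
    body = msg.get_body(preferencelist=("plain",))
    if body is None or not body.get_content().strip():
        findings.append("empty-body")
    for part in msg.iter_attachments():
        ext = os.path.splitext((part.get_filename() or "").lower())[1]
        data = part.get_payload(decode=True) or b""
        if ext in RISKY_EXT:
            findings.append("risky-attachment:" + ext)
        if data.startswith(OLE_MAGIC):   # content check, independent of the file name
            findings.append("ole-container")
        elif data.startswith(ZIP_MAGIC):
            findings.append("zip-container")
    return findings

def build(sender, body, filename, data):
    """Build a constructed sample message; the attachment bytes are dummies."""
    m = EmailMessage()
    m["From"] = sender
    m.set_content(body)
    m.add_attachment(data, maintype="application", subtype="octet-stream", filename=filename)
    return m.as_bytes()

# Constructed samples using the senders and file names quoted in the posts.
JERRY = build('"Jerry Donovan" <Kristina.a51@motogalos.pt>', "Kindly find attached our reminder.\n", "563339.doc", OLE_MAGIC + b"\0" * 8)
TERRI = build('"Terri Tyler" <Sean.33@sec-pc.skbroadband>', "\n", "39533803.doc", OLE_MAGIC + b"\0" * 8)
THADDEUS = build('"Thaddeus Mcconnell" <ThaddeusMcconnell@businessemail.co.uk>', "Please find my resume in the attachment.\n", "Thaddeus Mcconnell - my resume.zip", ZIP_MAGIC + b"\0" * 8)

if __name__ == "__main__":
    for raw in (JERRY, TERRI, THADDEUS):
        print(triage(raw))
```

The resume email passes the name check, which is why the attachment checks are kept separate from the sender check.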