Jaclyn McRae 28 September 2016 15:52:08 AEST 1 MIN READ

Don’t click: Well-known university impersonated in malware phishing scam

The compromised email account of an Australian university staff member has been used by cybercriminals to distribute malware in a new phishing scam discovered by MailGuard today.

Disguised as an enquiry from a staff member at a well-known university, the email has links to Trojan malware.

The email appears legitimate, and purports to be an enquiry about a product.  

It contains the staff member’s name, job title and full email signature, complete with the university logo.


But the email account has in fact been compromised by cybercriminals, who’ve sent the unsolicited messages.

They link to a malware payload hosted on a file-hosting domain named mega.nz.


Those who make the mistake of downloading the file may notice that while the file name is listed as “inquirexe.pdf”, the download is actually a far more malicious file: “inquiri_fdp.exe”. The scammers are relying on recipients not noticing.


What is the WisdomEyes Trojan?

WisdomEyes has the potential to cause serious damage to a system if it’s not immediately removed. It is capable of changing DNS settings and allowing its designers to remotely access victims’ computers.

This means sensitive information such as back accounts, credit card numbers and passwords can easily be stolen.

WisdomEyes can also damage the Windows firewall, opening the door to other threats, interrupt internet connection and slow down PC performance.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. 

Our benchmarking shows that MailGuard is consistently 2-48 hours ahead of the market in preventing new attacks.

Find more tips on identifying email scams by subscribing to MailGuard’s blog.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top