Don’t click: Well-known university impersonated in malware phishing scam

Posted by Jaclyn McRae on 28 September 2016 15:52:08 AEST

The compromised email account of an Australian university staff member has been used by cybercriminals to distribute malware in a new phishing scam discovered by MailGuard today.

Disguised as an enquiry from a staff member at a well-known university, the email has links to Trojan malware.

The email appears legitimate, and purports to be an enquiry about a product.  

It contains the staff member’s name, job title and full email signature, complete with the university logo.

University_impersonated_in_malware_phishing_scam_MailGuard_original_email.jpg

But the email account has in fact been compromised by cybercriminals, who’ve sent the unsolicited messages.

They link to a malware payload hosted on a file-hosting domain named mega.nz.

University_impersonated_in_malware_phishing_scam_MailGuard.jpg

Those who make the mistake of downloading the file may notice that while the file name is listed as “inquirexe.pdf”, the download is actually a far more malicious file: “inquiri_fdp.exe”. The scammers are relying on recipients not noticing.

University_impersonated_in_malware_phishing_scam_executable_file_MailGuard.jpg

What is the WisdomEyes Trojan?

WisdomEyes has the potential to cause serious damage to a system if it’s not immediately removed. It is capable of changing DNS settings and allowing its designers to remotely access victims’ computers.

This means sensitive information such as back accounts, credit card numbers and passwords can easily be stolen.

WisdomEyes can also damage the Windows firewall, opening the door to other threats, interrupt internet connection and slow down PC performance.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. 

Our benchmarking shows that MailGuard is consistently 2-48 hours ahead of the market in preventing new attacks.

Find more tips on identifying email scams by subscribing to MailGuard’s blog.

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top

Topics: Cyber Criminals Malware email scam Email Spam Scam malicious email email fraud Melbourne University WisdomEyes brand exploitation

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all