Over the last 24 hours, MailGuard has intercepted a generic malicious email attack that has a link to a malware file disguised in a Word document.
This email is not a very well designed attack compared to some of the sophisticated scams we see here at MailGuard. The email is in a plain text format and contains spelling errors; a red flag to anyone conscious of email security concerns. The interesting thing about this attack is that it demonstrates how easy it is for criminals to operate these sort of scams.
A simple email of this kind could be based on inexpensive malware, bought through a dark web portal, and run from a phone.
In the screenshot above you can see a sample email intercepted by MailGuard. The email has a short message referring to a fake invoice and a clickable link. If the victim were to click on the link it would take them to a download screen with fake Microsoft Office branding, and instructions on how to download and open the “invoice” file.
The .doc file which the victim is supposed to download contains malicious code designed to install malware on their computer. Because the damaging code is embedded in the word .doc, at first glance it looks innocent to the average recipient.
This email seems to be originating from multiple sources including:
finance[at]montevideomn.org
foerderverein[at]kcwitten.de
fo[at]tarntawansurawong.com
franziska.gentzel[at]weyho.de
fundraising[at]mfh-bochum.de
furnituremedicrepair[at]outlook.com
gabriele.heine[at]online.de
garnet[at]rigmasterpower.com
There is a high degree of variability in the sender addresses, so the list above is not exhaustive.
This email also has more than a hundred variations in the URL the link points the victim toward. Scammers use multiple sender and link address variants in messages like this to help hide their tracks and increase the success rate of their inbox infiltration.
Think Before You Click:
If you receive an email of this kind, do not open the email or click on the link. Criminal-intent email of this kind can deliver malware of many kinds and can also be used to initiate ransomware attacks.
Phishing attacks can be enormously costly and destructive and new scams are appearing every week. Don’t wait until it happens to you; take action to protect your business and your staff from financial and reputational damage, now.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: click here.
