Careful what you click this morning: Virgin Media Bill scam & eFax Corporate email attacks hit inboxes overnight

Posted by Daniel McShanag on 27 September 2017 08:40:45 AEST

Warn your teams to be careful about clicking on any strange emails when they get to their desks this morning. Starting at 6:00pm and 6:19pm respectively, two new email scam from eFax Corporate and Virgin Media, were arriving in Australian inboxes last night. MailGuard successfully blocked the scams, with the last messages ceasing at 10:02pm and 10:56pm.

The Virgin Media email is a bill scam. A well formatted HTML email carrying Virgin media branding, titled ‘Your Virgin Media bill is ready,’ with a prominent button for recipients to ‘View Bill.’ The emails contain variable elements with the payment reference and the amount due changing with each email sent.   

Your Virgin Media bill is ready - Mozilla Thunderbird_166.png

The ‘View Bill’ link goes to a compromised SharePoint site that points to a ZIP file with a malicious JavaScript file. The display name for these emails is "Virgin Media" and the sender address and display address is webteam(at)virginmedia.smebusinesslink(dot)com. The sending domain smebusinesslink(dot)com was registered with a Chinese registrar on the 24th of September.

The second eFax Corporate scam claims that you have received a fax from an unknown sender. Titled ‘Corporate eFax message from “Unknown” – 2 page(s), Caller ID: 44-161-261-9619,’ it is a well formatted HTML email with eFax Corporate branding.

44-161-261-9619 - Mozilla Thunderbird_165.png

The display name for this scam is "eFax Corporate" and the sender address and display address is message@efax.inboundcop(dot)com. The sending domain inboundcop(dot)com was registered with a Chinese registrar on the 24th of September.

As with the Virgin Media scam, in the eFax Corporate scam the number of pages and the Caller ID in the subject line and in the body of the email, change with each message that is sent, as below.

***

Subject: Corporate eFax message from "Unknown" - 3 page(s), Caller-ID: 44-161-261-0771

Subject: Corporate eFax message from "Unknown" - 4 page(s), Caller-ID: 44-161-261-1102

Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 44-161-261-7117

Subject: Corporate eFax message from "Unknown" - 3 page(s), Caller-ID: 44-161-261-7476

Subject: Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 44-161-261-0354

Subject: Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 44-161-261-0285

Subject: Corporate eFax message from "Unknown" - 2 page(s), Caller-ID: 44-161-261-5241

Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 44-161-261-4421

Subject: Corporate eFax message from "Unknown" - 4 page(s), Caller-ID: 44-161-261-0771

Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 44-161-261-5075

Subject: Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 44-161-261-3401

***

By clicking the links, users are directed to a compromised SharePoint site that points to a ZIP file with another malicious JavaScript file.

Opening FAX_20170925_1401908954_6.zip_163.png

MailGuard urges email users to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.

Keep Informed with Weekly Updates

 

^ Back to Top

Topics: Malware email scam Cybersecurity cybercrime Survivingcybercrime cybercrime statistics hoax email brandjacking Australian brands

Back to Blog

Comments:


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.

Remember:

  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all