Daniel McShanag 27 September 2017 08:40:45 AEST

Careful what you click this morning: Virgin Media Bill scam & eFax Corporate email attacks hit inboxes overnight

Warn your teams to be careful about clicking on any strange emails when they get to their desks this morning. Starting at 6:00pm and 6:19pm respectively, two new email scams, branded as eFax Corporate and Virgin Media, began arriving in Australian inboxes last night. MailGuard successfully blocked the scams, with the last messages ceasing at 10:02pm and 10:56pm.

The Virgin Media email is a bill scam: a well-formatted HTML email carrying Virgin Media branding, titled ‘Your Virgin Media bill is ready,’ with a prominent button for recipients to ‘View Bill.’ The emails contain variable elements, with the payment reference and the amount due changing with each email sent.

[Screenshot: the ‘Your Virgin Media bill is ready’ email in Mozilla Thunderbird]

The ‘View Bill’ link goes to a compromised SharePoint site that points to a ZIP file with a malicious JavaScript file. The display name for these emails is "Virgin Media", and the sender address and display address are both webteam(at)virginmedia.smebusinesslink(dot)com. The sending domain smebusinesslink(dot)com was registered with a Chinese registrar on the 24th of September.

The second scam, the eFax Corporate email, claims that you have received a fax from an unknown sender. Titled ‘Corporate eFax message from “Unknown” – 2 page(s), Caller ID: 44-161-261-9619,’ it is a well-formatted HTML email with eFax Corporate branding.

[Screenshot: the eFax Corporate email, Caller ID 44-161-261-9619, in Mozilla Thunderbird]

The display name for this scam is "eFax Corporate", and the sender address and display address are both message@efax.inboundcop(dot)com. The sending domain inboundcop(dot)com was registered with a Chinese registrar on the 24th of September.

As with the Virgin Media scam, in the eFax Corporate scam the number of pages and the Caller ID, both in the subject line and in the body of the email, change with each message that is sent, as below.

***

Subject: Corporate eFax message from "Unknown" - 3 page(s), Caller-ID: 44-161-261-0771

Subject: Corporate eFax message from "Unknown" - 4 page(s), Caller-ID: 44-161-261-1102

Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 44-161-261-7117

Subject: Corporate eFax message from "Unknown" - 3 page(s), Caller-ID: 44-161-261-7476

Subject: Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 44-161-261-0354

Subject: Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 44-161-261-0285

Subject: Corporate eFax message from "Unknown" - 2 page(s), Caller-ID: 44-161-261-5241

Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 44-161-261-4421

Subject: Corporate eFax message from "Unknown" - 4 page(s), Caller-ID: 44-161-261-0771

Subject: Corporate eFax message from "Unknown" - 1 page(s), Caller-ID: 44-161-261-5075

Subject: Corporate eFax message from "Unknown" - 5 page(s), Caller-ID: 44-161-261-3401

***
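A mail filter can key on the traits described above (a brand display name paired with an unrelated sending domain, the brand parked in a subdomain, and the templated subject) rather than on any single subject string. The sketch below is an added example, not MailGuard's detection logic; `BRAND_DOMAINS`, the function names and the last-two-labels domain heuristic are assumptions.

```python
import re
from email.utils import parseaddr

# Assumed allow-list of each brand's legitimate sending domains (not from the article).
BRAND_DOMAINS = {"virgin media": {"virginmedia.com"}, "efax": {"efax.com"}}
# Template behind the subjects listed above; page count and caller ID vary per message.
EFAX_SUBJECT = re.compile(
    r'^Corporate eFax message from ["“]Unknown["”] [-–] \d+ page\(s\), '
    r'Caller[- ]ID: \d{2}-\d{3}-\d{3}-\d{4}$')
BILL_SUBJECT = "Your Virgin Media bill is ready"


def refang(text):
    """Undo the (at)/(dot) defanging used in the article."""
    return text.replace("(at)", "@").replace("(dot)", ".")


def registrable(domain):
    """Naive last-two-labels guess; a real filter would use the Public Suffix List."""
    return ".".join(domain.lower().split(".")[-2:])


def score(from_header, subject):
    """Return the reasons a message matches the campaign traits (empty if none)."""
    reasons = []
    display, addr = parseaddr(refang(from_header))
    domain = addr.rpartition("@")[2].lower()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in display.lower() and registrable(domain) not in legit:
            reasons.append("display-name-brand-mismatch")
            # Brand token used as a subdomain label of an unrelated domain.
            if brand.replace(" ", "") in domain.split(".")[:-2]:
                reasons.append("brand-in-subdomain")
    if EFAX_SUBJECT.match(subject.strip()) or subject.strip() == BILL_SUBJECT:
        reasons.append("campaign-subject")
    return reasons


# Constructed samples: headers rebuilt from the article's details, plus one benign message.
SAMPLES = [
    ('"Virgin Media" <webteam(at)virginmedia.smebusinesslink(dot)com>', BILL_SUBJECT),
    ('"eFax Corporate" <message@efax.inboundcop(dot)com>',
     'Corporate eFax message from "Unknown" - 3 page(s), Caller-ID: 44-161-261-0771'),
    ('"Alice" <alice@example.org>', "Lunch?"),
]
if __name__ == "__main__":
    for sender, subj in SAMPLES:
        print(sender, "->", score(sender, subj))
```

A subject match alone is weak evidence, since a genuine notification could use the same wording; the display-name mismatch is what separates the two cases.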

By clicking the links, users are directed to a compromised SharePoint site that points to a ZIP file with another malicious JavaScript file.

[Screenshot: the ‘Opening FAX_20170925_1401908954_6.zip’ download dialog]

MailGuard urges email users to hesitate before clicking any type of attachment or link in an email if they’re uncertain of its legitimacy.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web security to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network.
