Apr 12

Verizon Wireless: Your Bill Is Now Available

This fake Verizon email has been making the rounds lately. The phony bill displays an astronomical “Balance Due” in an attempt to make you panic. Scammers often use scare tactics to get you to drop your guard.

Rule of thumb: Stop, breathe, think! Never hastily click on links within emails. If you have a valid reason to be concerned about a bill, contact the company directly by telephone or make your inquiry through the company’s official website.

A VirusTotal scan of the embedded URL (see screenshot below) revealed the following:

  • Malware site

Apr 12

UPS: Your Package H6280831334

This fake UPS email showed up on our radar this morning at 4:11 AM EST. It comes bundled with an attachment that you should avoid downloading or opening. Flag the message as spam and delete it right away. If curiosity got the better of you and you opened it anyway, scan for viruses and other threats as soon as possible.

A VirusTotal scan of the attachment labeled “UPS_idG4985433.zip” revealed the following:

  • JS/Obfuscus.AACA!tr
  • Mal/Iframe-AE
  • Trojan.Malscript


Apr 12

You should come to the post office

We reported on a similar version of this scam back in November 2011. This new variant comes with a twist: you are prompted to act quickly or run the risk of being charged a fee for each day the package goes unclaimed. Do not fall for this trick. Do not download or attempt to open the attachment. An official alert about this type of malware attack has been posted by the U.S. Postal Inspection Service here.

Subject: You should come to the post office
File attached:  “Label_Parcel_USPS_13-114


Postal notification,

Your parcel can’t be delivered by courier service.
Reason deny:An error at the delivery address.

STATUS: sort order
SERVICE: Standard Shipping
Parcel number:U679135125NU

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $7.56 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Customer Services.

Apr 12

Scan from a Xerox W. Pro #68852061

Do not download or open the attachment associated with this email. Flag the message as spam and delete it right away. If you opened the attachment, scan for viruses and other threats as soon as possible.

File attached: Scan_26-535138

A VirusTotal analysis of the attached file reveals the following:

  • HTML/Framer
  • JS/Obfuscus.AACA!tr
  • HEUR:Trojan.Script.Iframer
  • Mal/Iframe-AE

Subject: Scan from a Xerox W. Pro #68852061

Please open the attached document. It was scanned and sent

to you using a Xerox Pro .
Sent by: DONELLA
Attachment File Type: .HTML(Internet Explorer File)

Device: 586AP2P7531203098

Apr 12

Better Business Bureau Complaint

Subject: Better Business Bureau Complaint
File attached: Complaint_ID04F57291141.htm (Trojan.JS.Agent.bxw; source: VirusTotal)


Good afternoon,

Here with the Better Business Bureau would like to inform you that we have received a complaint (ID 9447849014)
from a customer of yours in regard to their dealership with you.

Please open the COMPLAINT REPORT attached to this email (open with Internet Explorer/Mozilla Firefox)
to view the details on this issue and suggest us about your position as soon as possible.

We hope to hear from you shortly.


Dispute Counselor
Better Business Bureau

Apr 12

Confirm your US airways online reservation

Do not click on links in this fake US Airways email. Flag the message as spam and delete it immediately. If you happened to click on a link, we recommend you scan for viruses and other threats as soon as possible. US Airways has been proactive in addressing this scam by posting an official alert on their website here.

Subject: “Confirm your US airways online reservation”


Mar 12

UPS notify

Attachment: parcel information.zip (28 KB)



Mar 12

DHL notification

Subject: DHL notification
Attachment:  parcel information.zip (28 KB)


Mar 12

Your order N22890 for rotorcraft for the weekend

Be on the lookout for fake bills claiming that you have ordered “rotorcraft” services or some other thrill-seeking vehicle.

Scammers are always trying new ways to get you to panic and react irrationally. Always check directly with your credit card company by telephone or through their official website if you have a reason to believe you have been accidentally billed for a product or service. In the scam below you are prompted to open an attachment (red flag) to verify your “order”. Do not open the attachment or click on links associated with the message. Flag it as spam and delete it as soon as you can.

Subject: Your order N22890 for rotorcraft for the weekend
Attachment: Order_N67132.htm (2 KB)


Your order for our air carriage services has been received and processed. The helicopter will be at your disposal from 9.45 p.m. sunday to 21.45 monday. Once again, our rates are:

1 hour in the air: 565$
Takeoff / Landing: 252$
1 hour standstill on the ground: 190$
Longest fly-time is 5 hours.
When flying for longer distances, a co-pilot is needed, and the cost accordingly grows by 94$ an hour.

Total Due you will be find in the attachment.(Open with Internet Explorer Only)
With best regards
Edythe Doyle

MD5 check sum: 9624bbbb962e6d7d724b9624bbb96da5

Mar 12

Your tax return appeal is declined

File attached: IRS_fl628991876.htm (2 KB)
