Apr 12

UPS: Your Package H6280831334

This fake UPS email showed up on our radar this morning at 4:11 AM EST. It comes bundled with an attachment that you should avoid downloading or opening. Flag the message as spam and delete it right away. If curiosity got the better of you and you opened it anyway, scan for viruses and other threats as soon as possible.

A VirusTotal scan of the attachment labeled “UPS_idG4985433.zip” revealed the following:

  • JS/Obfuscus.AACA!tr
  • Mal/Iframe-AE
  • Trojan.Malscript


Apr 12

You should come to the post office

We reported on a similar version of this scam back in November 2011. This new variant comes with a twist; you are prompted to act quickly or run the risk of being charged a fee for each day the package goes unclaimed. Do not fall for this trick. Do not download or attempt to open the attachment. An official alert about this type of malware attack has been posted by the U.S. Postal Inspection Service here.

Subject: You should come to the post office
File attached:  “Label_Parcel_USPS_13-114


Postal notification,

Your parcel can’t be delivered by courier service.
Reason deny:An error at the delivery address.

STATUS: sort order
SERVICE: Standard Shipping
Parcel number:U679135125NU

Label is enclosed to the letter.
Print a label and show it at your post office.

An additional information
If the parcel isn’t received within 30 working days our company will have the right to claim compensation from you for it’s keeping in the amount of $7.56 for each day of keeping.

You can find the information about the procedure and conditions of parcels keeping in the nearest office.

Thank you for using our services.
USPS Customer Services.

Apr 12

Bank of America: Online Banking Alert

Be on the lookout for this fake Bank of America email. A common scare tactic is used to try to get you to click on a link in the email to “confirm” your data. If  this email manages to slip through your spam filter, report it to abuse[@]bankofamerica.com. More information on how to detect phishing scams like these can be found on Bank of America‘s official website here.

Malicious link included with message: http:// 211. 21.123. 175 /css / (disabled)

A VirusTotal analysis of the above link revealed the following:

  • Malicious site
  • Phishing site 

Apr 12

Scan from a Xerox W. Pro #68852061

Do not download or open the attachment associated with this email. Flag the message as spam and delete right away. If you opened the attachment, scan for viruses and other threats as soon as possible.

File attached: Scan_26-535138

A VirusTotal analysis of the attached file reveals the following:

  • HTML/Framer
  • JS/Obfuscus.AACA!tr
  • HEUR:Trojan.Script.Iframer
  • Mal/Iframe-AE
Subject: Scan from a Xerox W. Pro #68852061

Please open the attached document. It was scanned and sent

to you using a Xerox Pro .
Sent by: DONELLA
Attachment File Type: .HTML(Internet Explorer File)

Device: 586AP2P7531203098

Apr 12

This is Very Important

Subject: This is Very Important


The Manager
Petroleum Company of Trinidad and Tobago(Petrotrin)
Trinidad, West Indies

Dear Sir,

It is a fact that we have not met before neither have we had any previous business dealings, but I strongly believe that with understanding and trust we can have a successful business relationship.

For your information I am employee of Petroleum Company of Trinidad and Tobago Ltd. (Petrotrin), for more information you can visit our link

** Link removed **

I have access to very vital information that can be used to move a huge amount of money out of the Petrotrin’s continuous catalyst regeneration (CCR) platform project account to a secured account out of Trinidad and Tobago. Ultimately I need a foreigner to play an important role in the completion of this business deal. Please, do not take this vital issue as the numerous scam mails you received nowadays, but a serious and mutually beneficial transaction.

The funds in question was sourced from over an invoiced billings and contracts for the; REVAMPING OF FLUID CATALYTIC CRACKING UNIT (FCCU) AND UPGRADE OF THE PETROTRIN’S GASOLINE OPTIMIZATION AT THE POINTE A PIERRE REFINERY. I have done my homework very well and have machineries in place to ensure that this venture succeed and I therefore asked of you if:

– You have a well serviced bank account that can receive huge transfer without suspicion from your bankers
– You have a good relationship with your bankers?
– You can guarantee the safety of these funds in your account pending my arrival for disbursement?

If YES, then I will need more information about you such as: Your Full Names, Your Contact Tel, Your Office /Residential Address, Your Occupation, Any form of ID .

On acceptance, Our Identities and total business plan package will be relayed to you in details. Please respond to this email using my personal confidential mail at gen_mang[@]blumail.org.

Best Regards

Petroleum Co. of Trinidad and Tobago Ltd. (Petrotrin).

Apr 12

Email Draw Lucky No.: 2-33-44-21-50-16)‎

This is your typical lottery scam. Flag the message as spam. Do not communicate with the scammer.

Subject: Email Draw Lucky No.: 2-33-44-21-50-16)‎


Email Draw Lucky No.: 2-33-44-21-50-16)‎
This is to inform you that your Email Address attached to a Ticket Number:
12-50-41-15-20-30) has won a huge prize of One Million Two Hundred Thousand Euro Only, From the SUPER LOTTERY BONANZA, in an Email Sweepstakes program, held on the 2ND of APRIL 2012 in Brussels Belgium.

TEL:0032-483-565-904 OR +1132-483-565-904
Reply to europunionoffice2011[@]aol.com
It is important to note that your award information was released today with the following Particulars attached to it.
Email Ticket NO: 12-50-41-15-20-30
Reference NO: (GBESD-11, 66,264,934,100)
Serial NO: DEJSP61562321
Batch NO: MSPL/1115208233
Draw Lucky No.: 2-33-44-21-50-16.
Winning Reg No: XXX00000SUPG/21999

We expect you to provide them with details of your winning information below, for the processing of your winning documents.
1). Full Names:
2). Residential Address:
3). Occupation:
4). Sex/age:
5). Phone/Fax Numbers:
6). Country of Resident:
7). Nationality:
8). Reference Number:
9). Batch Number:
10).Registered number:
11).Amount Won:
12).your winning Email Address
13).A scan or Fax Copy of any Valid Proof of your Identification it could be your International Passport or Driver’s License:
PLEASE NOTE THAT all wining must be claimed not later than 30th OF April 2012.

Mrs. Adams Kathleen.
Super Lotto Coordinator
TEL: 0032-483-565-904 OR +1132-483-565-904, Fax: 0032-70-42-6225
please note, do not send email to the email alert you are to contact
MR. TIM CLERBOUT Reply via email to:europunionoffice2011[@]aol.com

Image attached:

Apr 12

From Mr. Ibrahim Lamorde Chairman ( EFCC)

Subject: From Mr. Ibrahim Lamorde Chairman ( EFCC)



Notification of payment by ATM Master Credit Card.

Attn: Beneficiary,

I am Mr. Ibrahim Lamorde the chairman of ECONOMIC & FINANCIAL CRIME COMMISSION (EFCC). EFCC in alliance with economic community of West African states (ECOWAS) with head Office here in Nigeria. We have been working towards the eradication of fraudsters and scam Artists in Western part of Africa With the help of United States Government and the United Nations We have been able to track down so many of this scam artist in various parts of west African countries which includes (NIGERIA, REPUBLIC OF BENIN, TOGO, GHANA, CAMEROUN, AND SENEGAL, Abidjan) and they are all in our custody here in Lagos Nigeria. We have been able to recover so much money from these scam artists.

The United Nation Anti-crime commission and the United State Government have Order the money recovered from the Scammers to be shared among 100 Lucky people around the globe.

This mail is been directed to you because your email address was found in one of the scam Artists file and computer hard disk in our custody here in Nigeria. You are therefore being compensated with $2.5 Million Dollars. Who claims that they are barristers/bank officials Lottery Agents who has money for transfer or want you to be the next of kin of such funds which do not exist.

Since your name appeared among the beneficiaries who will receive a compensation of $2.5 Million we have arranged your payment through our swift card payment center, Feel free to contact the processing officer Mr. Mark D Law the swift card has been specially prepared to enable you withdraw your money in any ATM machine in any part of the world, but the maximum is Five Thousand Dollars Only per day.

Because we have signed a contract with a courier service company which should expired May 31st 2012.

You are advice to contact, the processing officer Mr. Mark D Law with your information’s, also with the Delivery fee of your ATM.

EMAIL ADDRES:actionace454[@]ymail.com

Provide the information bellow to allow him prepare your card including your Pin.






Best Regard
Mr. Ibrahim Lamorde
Chairman EFCC

Apr 12

Mercedes Benz Test Questions & Answers

Subject: Mercedes Benz Test Questions & Answers



Dear Sir/Madam, In a bid to ease the living conditions of our fans/customers all over the world in this dark period of economic crunch Where many companies are closing and families have lost their homes and means of livelihood.

Mercedes-Benz*de in conjunction with Mercedes-Benz*co*uk sends you this mail with the aim of giving you the opportunity of becoming a proud beneficiary of the 2012 charity promotions with a cash sum of 850,000:00 GBP (Eight Hundred and Fifty Thousand Great British Pounds ) by being part of our online quiz competition.

If you have never had a Mercedes-Benz, this is your chance to benefit from our company while if you have had any of our products this is your opportunity of enjoying some of our benefits apart from the comfortability and efficiency of our products. Just answer the simple questions asked below.

1, Which of these is manufactured by Mercedes-Benz?
(A), X5 (B), SLR MCLAREN (C), Z4

2, Emil Jellinek named a special car made for him after the name of his 10 year old daughter, what was her name?

3, Name two cars that Mercedes-Benz Manufactured.
(A), X5 & E-CLASS (B), Z4 & K-CLASS (C), M-CLASS & C-CLASS

There are other Mercedes-Benz cash consolation prizes for candidates who may fall short of the answers.

Send your answers along with your
name, sex, Phone Number, country and occupation to:

NAME: Schmitz Hoffman
EMAIL: schmitz-mercbenz[@]qq.com
PHONE: +44-701-116-3740

Yours Sincerely, and Good Luck,
Stratford Homes (Chief Monitoring Officer)

Apr 12

My name is Mr.Chhan Sok, the branch Manager of FTB Plc Cambodia

Subject: From Mr.Chhan Sok


Dear Friend,

My name is Mr.Chhan Sok, the branch Manager of FTB Plc Cambodia branch in Toul Kork, Phnom Penh in Cambodia. There is an unfinished business transaction in my branch involving a client that bears the same last name with you.

This is a business that will profit both of us, if you are interested please send me an email to my office email address schhan[@]ymail.com so that I can give you more details.

I wait for your quick response.

Mr.Chhan Sok,

Apr 12

Better Business Bureau Complaint

Subject: Better Business Bureau Complaint
File attached: Complaint_ID04F57291141.htm (Trojan.JS.Agent.bxw) Source: Virus Total


Good afternoon,

Here with the Better Business Bureau would like to inform you that we have received a complaint (ID 9447849014)
from a customer of yours in regard to their dealership with you.

Please open the COMPLAINT REPORT attached to this email (open with Internet Explorer/Mozilla Firefox)
to view the details on this issue and suggest us about your position as soon as possible.

We hope to hear from you shortly.


Dispute Counselor
Better Business Bureau