{"id":207,"date":"2016-01-12T10:21:25","date_gmt":"2016-01-12T10:21:25","guid":{"rendered":"http:\/\/blogs.bath.ac.uk\/it-status\/?p=207"},"modified":"2016-01-14T10:13:32","modified_gmt":"2016-01-14T10:13:32","slug":"four-current-phishing-attacks-all-contain-malware-12-january-2016","status":"publish","type":"post","link":"https:\/\/blogs.bath.ac.uk\/it-status\/2016\/01\/12\/four-current-phishing-attacks-all-contain-malware-12-january-2016\/","title":{"rendered":"Four current phishing attacks all contain malware, 12 January 2016"},"content":{"rendered":"<p>Delete any of the current spate of phishing emails which all contain malware. \u00a0\u00a0Please see the examples below so you know what to look out for.\u00a0 The malware act in different ways so <a href=\"https:\/\/bath.topdesk.net\/tas\/public\/\" target=\"_blank\">get in touch with our IT Help if you did open any attachments<\/a>.<\/p>\n<p><strong>Subject Lines<\/strong><\/p>\n<p>Subject: Past due report<\/p>\n<p>Subject: AQR Transaction (or some 3 other \u00a0capital letter reference)<\/p>\n<p>Subject: FXR Invoice (or some 3 other \u00a0capital letter reference)<\/p>\n<p>Subject: NS Transfer (or some other 1 or 2 capital letter reference)<\/p>\n<p>Subject: MD Transaction<\/p>\n<p><strong>From Addresses<\/strong><\/p>\n<p>These change so we cannot provide a definitive list.\u00a0 We have provided examples below so you know what to look out for.<\/p>\n<p>&nbsp;<\/p>\n<p>Attachment \u2013 Customer_PAST_DUE_DATE####.doc (331KB<\/p>\n<p>&nbsp;<\/p>\n<p>________________________________________<\/p>\n<p>From: Micah Hutchinson [ducks@ducks.fr]<\/p>\n<p>Sent: 14 January 2016 06:24<\/p>\n<p>To: Recipient<\/p>\n<p>Subject: Fw: MD\u00a0 Transaction<\/p>\n<p>Good Day<\/p>\n<p>Please see the report in attachment. In order to avoid fine for delay you need to pay within 24 hours.<\/p>\n<p>Kindest regards<\/p>\n<p>Micah Hutchinson<\/p>\n<p>&nbsp;<\/p>\n<p>-----Original Message-----<\/p>\n<p>From: Bob Hahn [mailto:Bob.Hahn@adams-burch.com]<\/p>\n<p>Sent: 11 January 2016 16:03<\/p>\n<p>To: recipient<\/p>\n<p>Subject: Past due report<\/p>\n<p>Importance: High<\/p>\n<p>&nbsp;<\/p>\n<p>Please let me know when we can expect payment on the past due invoices. I attach it.<\/p>\n<p>&nbsp;<\/p>\n<p>Thanks,<\/p>\n<p>&nbsp;<\/p>\n<p>Bob Hahn | Solutions Salesperson<\/p>\n<p>&nbsp;<\/p>\n<p>Bob.Hahn@adams-burch.com<\/p>\n<p>C:\u00a0 301-442-6970 | P: 301-276-2075 | F: 301-386-0275 www.adams-burch.com<\/p>\n<p>&nbsp;<\/p>\n<p>-------------------------------------------------------------------------------------------------------<\/p>\n<p>&nbsp;<\/p>\n<p>Attachement \u2013 RANDOM_STRING(13charcter).doc\u00a0 (229KB)<\/p>\n<p>&nbsp;<\/p>\n<p>From: Cheyenne Juarez [sebraepe@aerotur.com.br]<\/p>\n<p>Sent: 12 January 2016 07:06<\/p>\n<p>To: Recipient<\/p>\n<p>Subject: Fw: AQR\u00a0 Transaction<\/p>\n<p>&nbsp;<\/p>\n<p>Greetings<\/p>\n<p>&nbsp;<\/p>\n<p>Please find the receipt enclosed with this email. The Transfer should appear on your bank in 48 hours.<\/p>\n<p>&nbsp;<\/p>\n<p>Kind regards<\/p>\n<p>Cheyenne Juarez<\/p>\n<p>&nbsp;<\/p>\n<p>-------------------------------------------------------------------------------------------------------<\/p>\n<p>Attachment - \u00a0random_string (10Character).doc (212KB)<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>From: Galena Evans [opsscs.kolhapur@dtdc.com]<\/p>\n<p>Sent: 12 January 2016 05:59<\/p>\n<p>To: Recipient<\/p>\n<p>Subject: Fwd: FXR\u00a0 Invoice<\/p>\n<p>&nbsp;<\/p>\n<p>Good Day<\/p>\n<p>&nbsp;<\/p>\n<p>Please review the invoice attached to this email. The Transaction will be posted on your bank in one day.<\/p>\n<p>&nbsp;<\/p>\n<p>Best regards<\/p>\n<p>Galena Evans<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>-------------------------------------------------------------------------------------------------------<\/p>\n<p>Attachment - \u00a0random_string (10Character).doc (237KB<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p>-----Original Message-----<\/p>\n<p>From: Shea Stone [mailto:purchases@dfwit.com]<\/p>\n<p>Sent: 12 January 2016 07:48<\/p>\n<p>To: Recipient<\/p>\n<p>Subject: NS Transfer<\/p>\n<p>&nbsp;<\/p>\n<p>Hi<\/p>\n<p>&nbsp;<\/p>\n<p>Please review the payment confirmation enclosed with this message. The Payment will be posted on your account within 24 hours.<\/p>\n<p>&nbsp;<\/p>\n<p>Best regards<\/p>\n<p>Shea Stone<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Delete any of the current spate of phishing emails which all contain malware. \u00a0\u00a0Please see the examples below so you know what to look out for.\u00a0 The malware act in different ways so get in touch with our IT Help...<\/p>\n","protected":false},"author":276,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":"","jetpack_post_was_ever_published":false},"categories":[106],"tags":[60],"class_list":["post-207","post","type-post","status-publish","format-standard","hentry","category-phishing","tag-malware"],"acf":[],"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/posts\/207","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/users\/276"}],"replies":[{"embeddable":true,"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/comments?post=207"}],"version-history":[{"count":0,"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/posts\/207\/revisions"}],"wp:attachment":[{"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/media?parent=207"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/categories?post=207"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blogs.bath.ac.uk\/it-status\/wp-json\/wp\/v2\/tags?post=207"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}