Comments

New Invoice #2768-16 malspam delivers Cerber ransomware — 11 Comments

  1. My variation had a different account number (New Invoice #4835-16) and file name (service-inv.zip) and sender — but the same stupid password, 123456. And it was actually that password that made me suspicious! And it was sent to the e-mail that I use only on my web site, and not for anybody I do business with.

  2. Today I got this email:

    From: tylso@hotel-tapatio.com

    This email is being sent in order to inform you that a new invoice has been generated for your account.
    Please see the file that is attached.

    The file is password protected to protect your information.
    The password is 123456
    Thank you.
    Helene Kelsey

  3. I received the following e-mail today from info@risingstarcourier.com (which I think is an arbitrary e-mail that was used, not actually from them) with a zip file attached:

    Subject: New Invoice #3064-16

    This email is being sent in order to inform you that a new invoice has been generated for your account.

    Your Account Login: *** (my email address)

    Your Account Password: *** (a password that I sometimes use)

    Please see the file that is attached.

    The file is password protected to protect your information. The password is 123456

    Thank you.

    SUZANNE MONICAL

    My account login has my e-mail address which is fine, but what’s disturbing is that in the account password field, a password that I sometimes use is there! It isn’t a commonly used password or anything and I haven’t recently signed up to any website using this password either. The only conclusions I can come to so far are:

    1. A website that I used this password on has been compromised and for some reason stores passwords in plain text.

    2. Whoever obtained a hash of my password used password cracking software to obtain it.

    My main concern is trying to find out where the information was taken from so I can change my password, but that sounds like a long shot. Has anyone else received an e-mail like this or can help advise me on what I should be doing next? I’m not familiar with what information I can find in the e-mail source so I’d appreciate any help there too.

    • Safest thing is to change all passwords on all sites. You should always use a different “difficult to guess” password on each site. Never use the same password on two or more sites.

      You can check out https://haveibeenpwned.com/ and see if the email address is in any known breach.

      It looks like the email address you used to post this is listed as being compromised on 2 sites where passwords were also stolen.

    • I received a similar email today. What spooked me was that it had the email I use to log in to many sites and a variation of a password I use.

      Like an idiot I extracted what looked like a .doc file. I scanned with both Malwarebytes and Avast with no result. Because the email had a password that I used, I opened the file. I got an MS Word file password prompt and DID NOT type in the password.

      My question: Did I avoid launching the malware by not typing in the password?

      BTW, a search of my password book showed that the only login with that particular variation was an old unused MySpace account.
