My Online Security | Keep yourself safe online

Fake PayPal Debt recovery email – Extortion, Blackmail, scam and Phishing

Posted on 10 September 2018 5:31 am by Myonlinesecurity10 September 2018 5:31 am

Another quite different extortion, blackmail, phishing scam this morning. It is primarily aimed at French speaking users although it was received to an email address used by an English speaker. It comes from what purports or pretends to be a debt recovery service. It basically says that you owe PayPal €37.18 ( might be other amounts of money in other versions) and that they have been employed by PayPal to recover the debt. This is a total scam and you should not pay or fill in any forms on the website being linked to https://eu-recouvrement.com/. Do not reply to the … Continue reading →

Trickbot delivered by fake PWC September 2018 Payroll Timetable using excel macro spreadsheets

Posted on 7 September 2018 12:07 pm by Myonlinesecurity7 September 2018 12:07 pm

A bit of a change with the Trickbot delivery system this morning in UK. They are using macro enabled XLS spreadsheet files instead of the usual word docs. This example is an email containing the subject of “September 2018 Payroll Timetable” pretending to come from PricewaterhouseCoopers LLP but actually coming from “Claire.Rhodes@pwc-payroll.co.uk” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site, with a malicious office attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan You can now submit suspicious sites, emails and files via … Continue reading →

Fake Companies House WebFiling Authentication Code delivers Trickbot

Posted on 5 September 2018 1:41 pm by Myonlinesecurity5 September 2018 1:41 pm

This example is an email containing the subject of “WebFiling Authentication Code” pretending to come from Companies House but actually coming from “web-filing@companiesshouse.co.uk” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site, with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan. The criminals have actually done a much better job than usual when picking the look-a-like domain companiesshouse.co.uk with the extra S in the name likely to be missed by the majority of recipients. They have just fallen down on … Continue reading →

Fake Student Finance Body phishing scam

Posted on 5 September 2018 8:13 am by Myonlinesecurity5 September 2018 8:13 am

The scammers & criminals get ever more creative with their phishing scams. This is one I have not seen before and could be very effective. It pretends to be a message from the UK Student Finance Body checking they have correct details to pay the payments. If you are unwise enough to follow the links then it will result in your bank, and student identity being stolen Remember many email clients, especially on a mobile phone or tablet, only show the Name in the From: and not the bit in <domain.com >. That is why these scams and phishes work so well. Email Details … Continue reading →

Formbook delivered via “new” RTF exploit

Posted on 4 September 2018 5:37 am by Myonlinesecurity4 September 2018 5:37 am

A bit of a change with the Formbook malware delivery system today. An email with the subject of “Re: Payment Update” pretending to come from “Silvia.Rey@rotork.com” with a malicious word RTF doc attachment delivers Formbook. The RTF file is quite different to the normal ones we see. Several antiviruses are detecting it generically as either CVE-2017-0199 or CVE-2017-11882 or CVE-2012-0158 but I don’t think any of those detections are entirely correct and it looks like a newer / different exploit. They are using email addresses and subjects that will scare or entice a user to read the email and open the … Continue reading →

Fake Royal Bank of Scotland you owe service charges of £42,243.52 tries to deliver trickbot

Posted on 3 September 2018 1:30 pm by Myonlinesecurity3 September 2018 1:30 pm

This example is an email containing the subject of “Advice of Service Charge” saying that you have a service charge to pay of £42,243.52 is really going to give a few recipients quite a shock. This pretends to come from RBS, Royal Bank of Scotland but actually coming from “E.Mirk@rbsemail.co.uk” which is a look-a-like, typo-squatted or other domain that can easily be misidentified, mistaken or confused with the genuine site, with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan. However today it looks like the delivery system went wrong and … Continue reading →

Fake Danske Bank “FW: Insurance Documents” delivers Trickbot

Posted on 31 August 2018 12:39 pm by Myonlinesecurity31 August 2018 12:39 pm

Yet another pretty lame email from the Trickbot gang again today. Some days I really don’t understand this gang of criminals. They go to the bother of registering various look-a-like domains to send the emails from, so they might stand a better chance of fooling recipients. They then create very effective macro enabled word docs using all sorts of tricks to avoid detection & install on the victim’s computer. Then they go and send a stupidly lame email that doesn’t look even vaguely like it comes from any bank whatsoever all in plain text with no logos or images. That … Continue reading →