Lots of different emails pretending to be from various different Government departments They are all another one from the current upatre-zbot runs which try to drop cryptolocker on your computer.
Updated 28 July 2014: today’s version is Your Online Submission for Reference 465/GB2703024 Could not process with the same malware as https://myonlinesecurity.co.uk/hmrc-tax-refund-notice-fake-pdf-malware/
- Your Online Submission for Reference 435/GB8397317 Could not process < numbers vary>
- Could not process Online Submission
- Notification of direct debit of fees
Fairly Simple email :
We could not process your Full Payment Submission.
The submission for reference 475/RA8746193 was successfully received and was not processed.
Check attached copy for more information.
This is an automatically generated email. Please do not reply as the email address is not monitored for received mail.
Notification Number: 2622637 Mandate Number: 8074554
###THIS IS AN AUTO NOTIFICATION EMAIL. DO NOT REPLY TO THE SENDER OF THIS EMAIL. IF YOU HAVE A QUERY PLEASE REFER TO THE INFORMATION BELOW ###
This is notification that Land Registry will debit 206.00 GBP from your nominated account on or as soon as possible before 15/01/2013.
Details of fees that we shall be collecting by direct debit for the applications charged are now available to view.
You can access these by opening attached report.
If you have an enquiry relating to your VDD account please contact Customer Support at email@example.com or call on 0844 892 1111. For all enquiries, please quote your key number.
Land Registry is the definitive source of information for more than 23 million property titles in England and Wales. Since 1862 we have provided security and confidence in one of the most active property and mortgage markets in the world. We are working to support economic growth and data transparency as part of the Public Data Group. Find out more at www.landregistry.gov.uk
If you have received this e-mail and it was not intended for you, please let us know, and then delete it. Please treat our communications in confidence, as you would expect us to treat yours. Land Registry checks all mail and attachments for known viruses, however, you are advised that you open any attachments at your own risk.
The original of this email was scanned for viruses by the Government Secure Intranet virus scanning service supplied by Vodafone in partnership with Symantec. (CCTM Certificate Number 2009/09/0052.) On leaving the GSi this email was certified virus free.
Communications via the GSi may be automatically logged, monitored and/or recorded for legal purposes.
1.This e-mail and any files or documents transmitted with it are confidential and intended solely for the use of the intended recipient. Unauthorised use, disclosure or copying is strictly prohibited and may be unlawful. If you have received this e-mail in error, please notify the sender at the above address and then delete the e-mail from your system. 2. If you suspect that this e-mail may have been intercepted or amended, please notify the sender. 3. Any opinions expressed in this e-mail are those of the individual sender and not necessarily those of QualitySolicitors Punch Robson. 4. Please note that this e-mail and any attachments have been created in the knowledge that internet e-mail is not a 100% secure communications medium. It is your responsibility to ensure that they are actually virus free. No responsibility is accepted by QualitySolicitors Punch Robson for any loss or damage arising from the receipt of this e-mail or its contents. QualitySolicitors Punch Robson: Main office 35 Albert Road Middlesbrough TS1 1NU Telephone 01642 230700. Offices also at 34 Myton Road, Ingleby Barwick, Stockton On Tees, TS17 0WG Telephone 01642 754050 and Unit E, Parkway Centre, Coulby Newham, Middlesbrough TS8 0TJ Telephone 01642 233980 VAT no. 499 1588 77. Authorised and regulated by the Solicitors Regulation Authority (57864). A full list of Partners names is available from any of our offices. For further details, please visit our website http://www.qualitysolicitors.com/punchrobson
What makes these attempts slightly more possible than some other attempts is that the emails appear to come from firstname.lastname@example.org which is an address used by UK government departments to reply to anything that send to Government departments. Which might be your tax return , but more likely to be renewing your passport or renewing your driving licence etc. So the likelihood of somebody having submitted such documentation or payment or request is actually quite high.
Version 13 January 2014: GB01132014.exe Current Virus total detections: 2/48
14 Jan 2014 Notification_1401.exe is exactly the same malware as todays version of THIS
This is another one of the spoofed icon files that unless you have “show known file extensions enabled“, will look like a proper PDF file instead of the .exe file it really is, so making it much more likely for you to accidentally open it and be infected.
All of these emails use Social engineering tricks to persuade you to open the attachments that come with the email. Whether it is a message saying “look at this picture of me I took last night” and it appears to come from a friend or is more targeted at somebody who regularly is likely to receive PDF attachments or Word .doc attachments or any other common file that you use every day. Be very careful when unzipping them and make sure you have “show known file extensions enabled“, And then look carefully at the unzipped file. If it says .EXE then it is a problem and should not be run or opened.