Tag: secure document | My Online Security

Fake fidelity Investments Secure Documents malspam delivers Trickbot banking trojan

Posted on 20 December 2017 6:00 pm by Myonlinesecurity20 December 2017 6:00 pm

A new entry to the Trickbot malspam hitting the UK is this example of an email containing the subject of “Secure Documents ” pretending to come from Fidelity but actually coming from a look-a-like or typo-squatted domain secure@fidelitydocuments.com with a malicious word doc attachment is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan Update: we have also discovered that the malicious word doc also delivers a coin miner as well as Trickbot banking trojan You can now submit suspicious sites, emails and files via our Submissions system Email Details From: Fidelity <secure@fidelitydocuments.com> Date: Wed 20/12/2017 16:11 … Continue reading →

Fake HSBC We need to confirm your details malspam delivers Trickbot banking trojan

Posted on 1 November 2017 2:37 pm by Myonlinesecurity1 November 2017 2:37 pm 2

Malware delivery methods change on a regular basis. Over the last couple of weeks loads of the criminal gangs switched from using Macros or Embedded Ole Objects in Word docs or Excel spreadsheets to using the DDE exploit in Word Docs to perform their malware campaigns. The Trickbot gangs were amongst the criminal gangs using this method. Yesterday we saw 1 set of Trickbot malspam campaign emails switch back to word docs using Embedded OLE objects and now today they have reverted to the old tried and trusted Macros in Word Docs to deliver their malware. This example of an email containing the subject of “We need to confirm … Continue reading →

Spoofed Canada Revenue Agency Important – Secure Bank Communication malspam delivers Trickbot banking Trojan

Posted on 22 February 2017 5:35 pm by Myonlinesecurity22 February 2017 5:35 pm 2

An email with the subject of Important – Secure Bank Communication coming from either Canada Revenue Agency <no-reply@secure-gc.ca> or Canada Revenue Agency <no-reply@securegcemail.ca> with a malicious word doc attachment delivers Trickbot banking Trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Canada Revenue Agency has not been hacked or had their email or other servers compromised. They are not sending the emails to you. … Continue reading →

Spoofed HM Revenue & Customs Secure Communication delivers Dridex

Posted on 19 December 2016 1:56 pm by Myonlinesecurity19 December 2016 1:56 pm 5

An email with the subject of Secure Communication pretending to come from HM Revenue & Customs <noreply@hmrc-secure.co.uk> with a malicious word doc delivers Dridex banking Trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The genuine HM Revenue & Customs has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just … Continue reading →

Spoofed Australian Taxation Office Secure Documents leads to Trickbot banking Trojan

Posted on 19 December 2016 6:28 am by Myonlinesecurity19 December 2016 6:28 am 5

An email with the subject of Secure Documents pretending to come from Australian Taxation Office <‘Secure.Documents@atogov.com’> with a malicious word doc which delivers Trickbot banking Trojan Update: I am being reliably informed it is not Trickbot, but ursnif / Gozi / ISFB which is a different banking Trojan. It is still just as dangerous and still has the ability to steal all your financial and other details and intercept all communications between you and your bank, without you being aware. You still think you are on your bank’s genuine page. They are using email addresses and subjects that will scare or entice a user … Continue reading →

You have a new Secure Document malspam delivers unknown malware

Posted on 13 December 2016 12:03 am by Myonlinesecurity13 December 2016 12:03 am

An email with the subject of You have a new Secure Document pretending to come from Document Delivery <service@doc.delivery> with a malicious word doc delivers an unknown malware. I am not sure what malware this is.They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. doc.delivery is a newly registered domain today by an unknown registrant using domains by proxy privacy at Godaddy.com and of … Continue reading →

unknown ransomware delivered via You have received a new secure document malspam

Posted on 18 November 2016 9:59 pm by Myonlinesecurity19 November 2016 9:08 am

An email with the subject of You have received a new secure document pretending to come from Incoming Document <service@incomingdocuments.com> with a malicious word doc attachment delivers some sort of ransomware . I am not certain what ransomware version this is. Update: I am being told that is probably what is preliminarily being called ASN1 ransomware. At this time, if you are infected/compromised/ have your files encrypted by this ransomware then it is highly likely that you will have lost them completely, unless you have an offsite backup. Early indications are that the “website” ( which is on TOR network) being used to … Continue reading →

My Online Security

Keep yourself safe online

Tag Archives: secure document