Tag Archives: secure document

Fake fidelity Investments Secure Documents malspam delivers Trickbot banking trojan

My Online Security Posted on by 1

A new entry to the Trickbot malspam hitting the UK is this example of an email containing the subject of “Secure Documents ” pretending to come from Fidelity but actually coming from a look-a-like or typo-squatted domain secure@fidelitydocuments.com  with a malicious word doc attachment  is today’s latest spoof of a well-known company, bank or public authority delivering Trickbot banking Trojan Update: we have also discovered that the malicious word doc also delivers a coin miner as well as Trickbot banking trojan You can now submit suspicious sites, emails and files via our Submissions system Email Details From: Fidelity <secure@fidelitydocuments.com> Date: Wed 20/12/2017 16:11 Continue reading →

Fake HSBC We need to confirm your details malspam delivers Trickbot banking trojan

My Online Security Posted on by 2

Malware delivery methods change on a regular basis. Over the last couple of weeks loads of the criminal gangs switched from using Macros or Embedded Ole Objects in Word docs or Excel spreadsheets to using the DDE exploit in Word Docs to perform their malware campaigns. The Trickbot gangs were amongst the criminal gangs using this method. Yesterday we saw 1 set of Trickbot malspam campaign emails switch back to word docs using Embedded OLE objects and now today they have reverted to the old tried and trusted Macros in Word Docs to deliver their malware. This example of an email containing the subject of “We need to confirm Continue reading →

Spoofed Canada Revenue Agency Important – Secure Bank Communication malspam delivers Trickbot banking Trojan

My Online Security Posted on by 2

An email with the subject of Important – Secure Bank Communication coming from either  Canada Revenue Agency <no-reply@secure-gc.ca>  or Canada Revenue Agency <no-reply@securegcemail.ca>  with a malicious word doc attachment delivers Trickbot banking Trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. Canada Revenue Agency has not been hacked or had their email or other servers compromised. They are not sending the emails to you. Continue reading →

Spoofed HM Revenue & Customs Secure Communication delivers Dridex

My Online Security Posted on by 5

An email with the subject of Secure Communication pretending to come from HM Revenue & Customs <noreply@hmrc-secure.co.uk>  with a malicious word doc delivers Dridex banking Trojan They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. The genuine HM Revenue & Customs has not been hacked or had their email or other servers compromised. They are not sending the emails to you. They are just Continue reading →

Spoofed Australian Taxation Office Secure Documents leads to Trickbot banking Trojan

My Online Security Posted on by 5

An email with the subject of  Secure Documents pretending to come from Australian Taxation Office <‘Secure.Documents@atogov.com’>  with a malicious word doc which delivers Trickbot banking Trojan Update: I am being reliably informed it is not Trickbot, but ursnif / Gozi / ISFB which is a different banking Trojan. It is still just as dangerous and still has the ability to steal all your  financial and other details and intercept all communications between you and your bank, without you being aware. You still think you are on your bank’s genuine page. They are using email addresses and subjects that will scare or entice a user Continue reading →

You have a new Secure Document malspam delivers unknown malware

My Online Security Posted on by  

An email with the subject of You have a new Secure Document pretending to come from Document Delivery <service@doc.delivery>  with a malicious word doc delivers an unknown malware. I am not sure what malware this is.They are using email addresses and subjects that will scare or entice a user to read the email and open the attachment. A very high proportion are being targeted at small and medium size businesses, with the hope of getting a better response than they do from consumers. doc.delivery is  a newly registered domain today by an unknown registrant using domains by proxy privacy at Godaddy.com and of Continue reading →

unknown ransomware delivered via You have received a new secure document malspam

My Online Security Posted on by  

An email with the subject of You have received a new secure document  pretending to come from Incoming Document <service@incomingdocuments.com> with a malicious word doc attachment delivers some sort of ransomware . I am not certain what ransomware version this is. Update: I am being told that is probably what is preliminarily being called ASN1 ransomware. At this time, if you are infected/compromised/ have your files encrypted by this ransomware then it is highly likely that you will have lost them completely, unless you have  an offsite backup. Early indications are that the “website” ( which is on TOR network) being used to Continue reading →