Following on from Friday’s Trickbot failure imitating / spoofing Natwest Bank we start Monday with a working copy An email with the subject of NatWest pretending to come from NatWest but actually coming from a look-a-like domain New post NatWest Bank <noreply@natwest96.ml> with a malicious word doc attachment is today’s … Continue reading →
Continuing with the never ending series of malware downloaders is an email with the subject of Your order no 8194788 ( random numbers) has been processed coming from random names @ creatingkindly.com which delivers some sort of malware eventually. These pretend to be an order confirmation for cotton material from a random … Continue reading →
It looks like the apprentice must be in charge today at the Trickbot HQ. The first round of emails are being sent malformed with no body content, no subject and no malware attachment. It is very kind of them to give us a heads up which bank they are spoofing … Continue reading →
Continuing with the never ending series of malware downloaders is an email with the subject of Your Xero Invoice INV-0855485 coming from subscription.notifications@xeronet.org which uses compromised sharepoint aka onedrive for business accounts to deliver Dridex banking Trojan Note: this was forwarded to me by a contact this morning who received it yesterday. … Continue reading →
An email with the subject of You have a Santander Secure Email pretending to come from Santander Bank but actually coming from a look-a-like domain <message@santanderdocs.co.uk> with an html attachment which downloads a malicious word doc attachment is today’s latest spoof of a well known company, bank or public authority delivering … Continue reading →
An email with the subject of Secure Message pretending to come from Natwest but actually coming from a look-a-like domain <message@securenatwest.co.uk> is today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan There is a slight change to the delivery mechanism today with a HTML attachment that … Continue reading →
An email with the subject of Incoming BACs pretending to come from Lloyds Bank but actually coming from a look-a-like domain <noreply@lloydsbacs.co.uk> with a malicious word doc attachment is the next today’s latest spoof of a well known company, bank or public authority delivering Trickbot banking Trojan They are using email addresses and … Continue reading →
By continuing to use the site, you agree to the use of cookies. more information
The cookie settings on this website are set to "allow cookies" to give you the best browsing experience possible. If you continue to use this website without changing your cookie settings or you click "Accept" below then you are consenting to this.
