“Wire transfer confirmation” spam emails are nothing new – they’ve been regularly turning up in users’ inboxes throughout the years.
But, as much as people working in the security industry would like to believe that users have learned to avoid this and other often-used tactics, the fact that emails like this are still being spammed out means that there are still individuals out there falling for the scheme.
This latest campaign has all the usual markings – the subject line implies that the email is a reply to a previous inquiry or that it has been forwarded to the recipient; the message says that there is a problem with the wire transfer; random big numbers are used to create the illusion that this wire transfer is one of millions.
Still, as Sophos’ Graham Cluley points out, there is one curious detail that could help users to “smell a rat”: the emails appear to have been sent from an email associated with Habbo Hotel, LinkedIn, UPS, and other companies that have no business sending out notifications about wire transfers.
Expectedly, these emails carry a malicious payload: the attached Transaction_N48823.zip is a variant of the Bredolab downloader Trojan, which opens the target computer to further infection.