Thursday 3 December 2015

ICM Industrial Cleaning Materials - Invoice #2393 Scam Email

ICM - Invoice #2393 is a scam virus email. As usual, just delete this email. The attachment contains a virus that will try to load a Trojan program to steal your bank login data.

Dear Customer,
Please find invoice 2393 attached.
Kind Regards,
ICM

Industrial Cleaning Materials
Unit 19 Highlode Ind Est
Stocking Fen Road
Ramsey
Huntingdon
Cambridgeshire
PE26 2RB
Tel: 01487 800011
fax 01487 812075



Tuesday 1 December 2015

Cryptowall 4 Infection Website Compromised from Nuclear Exploit Kit (HELP_YOUR_FILES.PNG)

Until last week it appeared that Cryptowall 4 infections were only arriving via emails carrying the payload. It now appears it is also being delivered by websites compromised by the Nuclear Exploit Kit. The Nuclear EK operates by exploiting vulnerabilities in Java, Acrobat Reader, Flash, and Silverlight, so it's essential that your PC is fully patched and up to date.



Cryptowall 4 is now being found in the wild delivered by hacked websites. If you find your files on your drives are encrypted and the file names are also encrypted then it's highly likely that you have been infected by Cryptowall 4 ransomware. You can see the file HELP_YOUR_FILES.PNG will be stored in the folder with all the encrypted files. Other help files may be HELP_YOUR_FILES.HTML, HELP_YOUR_FILES.TXT.
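To scope which folders were hit, the help-file names above can be searched for across a drive or share. The script below is an added example, not part of the original post; the function names are hypothetical, and it assumes each help file's modification time approximates when that folder was encrypted.

```python
import os
from datetime import datetime, timezone

# Help-file names listed in the post, compared case-insensitively.
NOTE_NAMES = {"HELP_YOUR_FILES.PNG", "HELP_YOUR_FILES.HTML", "HELP_YOUR_FILES.TXT"}


def scan_for_notes(root):
    """Walk root and return one record per folder holding a help file, oldest first."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        notes = sorted(f for f in files if f.upper() in NOTE_NAMES)
        if not notes:
            continue
        mtimes = [os.path.getmtime(os.path.join(dirpath, n)) for n in notes]
        hits.append({
            "dir": dirpath,
            "notes": notes,
            # Files sharing the folder with the help file: likely encrypted.
            "other_files": len(files) - len(notes),
            # Assumption: the help file was written when this folder was hit.
            "first_note": min(mtimes),
        })
    return sorted(hits, key=lambda h: h["first_note"])


def restore_point(hits):
    """Time of the earliest help file; restore from a backup taken before it."""
    if not hits:
        return None
    return datetime.fromtimestamp(hits[0]["first_note"], tz=timezone.utc)


if __name__ == "__main__":
    import sys
    found = scan_for_notes(sys.argv[1] if len(sys.argv) > 1 else ".")
    for hit in found:
        print(hit["dir"], hit["notes"], hit["other_files"])
    print("Earliest help file (UTC):", restore_point(found))
```

Run it against each local drive and mapped network drive, and restore affected folders from a backup older than the reported time.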





Even visiting an apparently innocuous website may lead to your PC being infected IF you have software that has vulnerabilities such as Adobe Flash. Even fairly recent versions from August 2015 are still vulnerable to infection.



More info on the Nuclear Exploit kit for Cryptowall 4 here.
How to recover from Cryptowall 4: http://www.bleepingcomputer.com/virus-removal/cryptowall-ransomware-information



To check a website you can use: http://www.isithacked.com

Thursday 19 November 2015

Invoice and VAT Receipt EDMUN11118_181859 [Account:EDMUN11118]

Usual advice applies, just delete the email as it's a virus. The company listed as the sender will have no knowledge of the email as it's not come from them.


support@postcodeanywhere.com Invoice and VAT Receipt EDMUN11118_181859 [Account:EDMUN11118]


Thanks for your order!
Your payment was successfully processed and £120.00 was debited from your Visa card on 19 November 2015 (authorisation code: AUTH CODE:008018).. Thank you for your business, we appreciate it. Please find your VAT receipt attached for your records. Please retain this in case of any queries.


Your service is ready to use.
 
Account balance topped up: £100.00 credit added

Your Google invoice is ready spam virus


Attached to this email, please find the following invoice:

Invoice number: 1630884720
Due date: 19-Nov-2015
Billing ID: 34979743806


Please follow instructions on the invoice for remitting payment. If you have questions, please contact collections-uk@google.com.

Yours Sincerely,
The Google Billing Team


--------------------------
Billing ID: 0349-7974-3806

noreply@cevalogistics.com Shipping notification Spam Email

The latest spam/virus is shown as coming from noreply@cevalogistics.com but this email address is faked. It has the subject line "[Shipping notification] N4934524 (PB UK)" and an Excel attachment, Shipping-notification.xls.

As usual don't open the file and just delete the email as it contains a virus.

Monday 16 November 2015

Fake Email Toll IPEC invoice/statement (80458249)

Yet another spam email with a faked sender. This is not a genuine email about tolls and should be deleted. It also contains an attachment with a pXLS file extension, which is either a mistake or an attempt to trick virus scanners into allowing it through.


Toll IPEC invoice/statement (80458249)


Please find attached your current Toll IPEC invoice/statement..

Should you have a query with your account, please contact the telephone number detailed on your invoice/statement or email your enquiry to ipecar@tollgroup.com

DoT Payment Receipt XLS Email Spam

The latest email spam/virus has a subject line of "DoT Payment Receipt" with an attachment of PaymentReceipt.XLS. As with all of these types of email, it isn't sent by the Dept of Transport; the sender address has been faked to appear to come from DoT to give the email authenticity.


The attachment contains a virus/malware that will try to install a banking stealer trojan on your PC. DO NOT open the attachment and if you have we'd strongly recommend a complete virus scan repeated over a few days to ensure any new variants are detected.
Often these viruses are not detected on the first day that they are discovered.

  DoT Payment Receipt

 [Automated message. Do not reply] Thank you for your payment. It is important that you print this receipt and record the receipt number as proof of your payment.

You may be asked to provide your receipt details should you have an enquiry regarding this payment. DISCLAIMER This email and any attachments are confidential and may contain legally privileged and/or copyright material. You should not read, copy, use or disclose any of the information contained in this email without authorisation. If you have received it in error please contact us at once by return email and then delete both emails. There is no warranty that this email is error or virus free.

Friday 13 November 2015

What is pXLS Excel File Attachment on Fake Telstra Bill?

The latest malware/virus doing the rounds purports to be a Telstra bill but contains an attachment with a pXLS file extension.

This isn't a genuine Excel file extension (which is normally XLSX or XLS). Either the bot network sending out the emails has an error in it, or the extension is designed to trick anti-virus software into allowing the file through in the hope that some users will rename it to XLS and so launch the virus payload.



If you receive this email then the safest option is to just delete it. It's not a real bill and is not sent by Telstra.
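A mail filter can catch this by checking what an attachment contains rather than what it is called. The following is an added example, not from the original post: the function names, the sample message and its file names are constructed, and the attachment bodies are only the container magic bytes plus padding.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from pathlib import PurePosixPath

OLE2_MAGIC = bytes.fromhex("d0cf11e0a1b11ae1")  # legacy Office container (.xls, .doc)
ZIP_MAGIC = b"PK\x03\x04"                        # OOXML container (.xlsx, .docx)

# Extensions each container type is normally delivered under.
EXPECTED_EXT = {
    "ole2": {".xls", ".doc", ".ppt"},
    "zip": {".xlsx", ".xlsm", ".docx", ".docm", ".pptx", ".zip"},
}


def sniff(data):
    """Classify attachment bytes by magic number, ignoring the file name."""
    if data.startswith(OLE2_MAGIC):
        return "ole2"
    if data.startswith(ZIP_MAGIC):
        return "zip"
    return "unknown"


def triage(raw_message):
    """Return one finding per attachment in a raw RFC 5322 message."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        ext = PurePosixPath(name).suffix.lower()
        kind = sniff(part.get_payload(decode=True) or b"")
        findings.append({
            "name": name,
            "ext": ext,
            "kind": kind,
            # Office content hiding behind an extension Office does not use.
            "mismatch": kind in EXPECTED_EXT and ext not in EXPECTED_EXT[kind],
        })
    return findings


def build_sample():
    """Constructed test message with one mislabelled and one normal attachment."""
    msg = EmailMessage()
    msg["From"] = "billing@example.com"
    msg["Subject"] = "Your new bill is attached"
    msg.set_content("Your bill is attached.")
    msg.add_attachment(OLE2_MAGIC + b"\x00" * 32, maintype="application",
                       subtype="octet-stream", filename="bill.pXLS")
    msg.add_attachment(ZIP_MAGIC + b"\x00" * 32, maintype="application",
                       subtype="octet-stream", filename="report.xlsx")
    return msg.as_bytes()


if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A finding with "mismatch" set is a candidate for quarantine, since a block list keyed only on .xls and .doc would have let it through.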

November Invoice INV-9771 from Eye on Books


Latest virus email. This is not a genuine email from Xero.com and they have no knowledge of these as the email sender is being faked. Just delete the email and don't open the attachment.


These Word/Excel attachments normally try to download either:

    Dridex banking trojan,
    Shifu banking trojan

Both are designed to steal login information for your bank accounts by key logging, taking screenshots or copying information directly from your clipboard (copy/paste).


===================================================================

Subject: November Invoice INV-9771 from Eye on Books
Attachment: Invoice INV-9771.xls

Hi,

 

Please find attached this months invoice for Xero & Receiptbank software.  You've completed a direct debit form, so this will have been paid from your nominated account, so please don't send through payment seperately.

 

Thanks again for your business, it's greatly appreciated.

 

Kind regards,

Charles Klvana

EYE ON BOOKS

Email Scam - Your new Telstra bill for account 2000514059862 is attached


Latest email scam with virus/Trojan attachment is shown as coming from telstraemailbill_noreply8@online.telstra.com but this is not a genuine email from Telstra. Just delete it as the attachment will contain a virus trying to steal your bank details.

Subject: Your new Telstra bill for account 2000514059862 is attached
Your account number: 2000514059862
This bill number: 1107991874
 
Hi ,
 
Your new Telstra bill is attached. Please pay your bill by its due date of 30 Nov 2015.
 
We recommend making your payment online at telstra.com/paybill.
 
Like to know more?
If you have any questions or concerns about this email you can get in touch with us at telstra.com/contact.

Friday 6 November 2015

Virus Phishing Trojan Email - Subject Invoice From Timber Solutions Attachment Esale.XLS


One of the latest phishing/virus/trojan emails is from Kes kerryadamson@bigpond.com with subject "Invoice #00004232; From Timber Solutions" and with attachment Esale.xls.

This file is a virus and should not be opened. If you have opened it then I'd strongly recommend running anti-virus software on your PC over a few days to make sure any new virus is detected, as it can take a couple of days for new ones to be added to virus signature files.


These Word/Excel attachments normally try to download either:

    Dridex banking trojan,
    Shifu banking trojan

Invoice #00004232; From Timber Solutions


Hi, please find attached our invoice for goods ordered under Order No. 11146, which will be delivered tomorrow.  Please pay into the account, details of which are at the foot of the invoice.  Kes

Thursday 22 October 2015

UU Scotland Email Malware Spam Virus 22 October 2015 Invoice Summary.doc

A new version of this email is now being sent out, with a different file that AV is not detecting. This has been submitted to McAfee for analysis but as always just delete the email.


==================================================


A large volume of emails are being sent out purporting to be from United Utilities Scotland with an attachment 22 October 2015 Invoice Summary.doc




This attachment contains a Trojan/virus that will download various malware to your PC. Do not open the attachment and just delete the email. United Utilities serve the North West of England.

We believe that somewhere between 10 million and 100 million copies of this virus/Trojan email have been sent out, and United Utilities have had over 1 million bounce-back messages sent to their servers from copies addressed to invalid email addresses. UU Scotland have now shut down their email servers for these email addresses, which gives some indication of how serious this issue is for them.


To be clear - this message was NOT sent by UUSCOTLAND (UUSCOTLAND@uuplc.co.uk) and their email address has been spoofed. You do not need to report it to UU or to Melissa Lears mentioned in the email.


More info here:


http://www.unitedutilitiesscotland.com/important-information.aspx


===========================================


UUSCOTLAND


Good Morning,


I hope you are well.


Please find attached the water services invoice summary for the billing period of 12 September 2015 to 12 October 2015.


If you would like any more help, or information, please contact me on 0345 0726077. Our office is open between 9.00am and 5.00pm Monday to Friday. I will be happy to help you. Alternatively you can email me at uuscotland@uuplc.co.uk.


Kind regards


Melissa



Melissa Lears


Billing Specialist


Business Retail

Wednesday 21 October 2015

Email Trojan Malware INVOICE FOR PAYMENT - 7500005791 from Lyn.Whitehead lancashire.pnn.police.uk

Latest email containing malware/Trojan appears to come from Whitehead, Lyn Lyn.Whitehead@lancashire.pnn.police.uk

This is probably a genuine email address and genuine person but not a genuine email. Strongly recommend you just delete and do NOT open. If already opened then full virus scan recommended.


It's not actually being sent from a PNN email address, it's purely a spoofed sender so it appears like it has come from them. They have no connection with it and no control over someone sending it out.
Almost certainly contains the Dridex malware/Trojan, as many similar ones have over the last few weeks.


Email content follows:



INVOICE FOR PAYMENT - 7500005791
Hello


 


Please find attached an invoice that is now due for payment.


 


Regards


 


Lyn


 


Lyn Whitehead (10688)


Business Support Department - Headquarters


 


 







Tuesday 20 October 2015

Ocado Email Spam Virus Receipt "Your Receipt for Today's Ocado Delivery" - Fake Phishing Attack Email

A large volume of phishing emails have been sent out purporting to be from Ocado with a receipt attached.  The attachment almost certainly contains the Dridex trojan/virus stealing bank details so just delete the email and attachment.



This email is NOT from Ocado; the sender has "spoofed" the sender address to make it appear like that but they have nothing to do with it and cannot stop any spammers/criminals sending emails in their name.



If you try to open the attachment RECEIPT.doc it will request macro access, and it then downloads Trojan files to your PC to steal your bank login details. So far it has been reported that £20 million has been stolen from UK bank customers by this virus/trojan. This is purely and simply a criminal attack to steal money.



If you have opened the attachment you should use a virus scanner to check your PC and make sure it is clean of any viruses.

"Your Receipt for Today's Ocado Delivery"

Hello

Your receipt for today’s delivery is attached to this email. I’ll be delivering your 12:00-14:00 order and, so you’ll know it’s me, I’ll be driving the Lemon van.

Your order doesn’t have any substitutions, everything’s there.

See you later,

Paul 

Tuesday 13 October 2015

Virus Trojan Email about Water Services Invoice from United Utilities Scotland (UUSCOTLAND)

A large volume of emails are being sent out purporting to be from United Utilities Scotland with an attachment 12 October 2015 Invoice Summary.doc


This attachment contains a Trojan/virus that will download various malware to your PC. Do not open the attachment and just delete the email. United Utilities serve the North West of England.

We believe that somewhere between 10 million and 100 million copies of this virus/Trojan email have been sent out, and United Utilities have had over 1 million bounce-back messages sent to their servers from copies addressed to invalid email addresses. UU Scotland have now shut down their email servers for these email addresses, which gives some indication of how serious this issue is for them.


To be clear - this message was NOT sent by UUSCOTLAND (UUSCOTLAND@uuplc.co.uk) and their email address has been spoofed. You do not need to report it to UU or to Melissa Lears mentioned in the email.


More info here:


http://www.unitedutilitiesscotland.com/important-information.aspx


===========================================


UUSCOTLAND


Good Morning,


I hope you are well.


Please find attached the water services invoice summary for the billing period of 12 September 2015 to 12 October 2015.


If you would like any more help, or information, please contact me on 0345 0726077. Our office is open between 9.00am and 5.00pm Monday to Friday. I will be happy to help you. Alternatively you can email me at uuscotland@uuplc.co.uk.


Kind regards


Melissa



Melissa Lears


Billing Specialist


Business Retail

Monday 28 September 2015

Facebook Down! Page Unavailable. Facebook Outage Sep 2015


If you try to access the Facebook website you get the message:

This web page is not available


Unusually, it also appears that the Facebook app is not available either. In the past either the website or the mobile app has been unavailable, but not both at the same time.

Wednesday 23 September 2015

Cahoot Non 0844 Phone Number

Cahoot online bank publish their 0844 phone number on all their literature and emails but this costs a fortune from mobile phones as it's not included in inclusive minutes and attracts a premium cost to phone.


Cahoot seem to hide their non 0844 number and make it very hard to avoid these phone charges but it is hidden away on the cahoot website. The overseas non 0844 phone number to call cahoot is:


01908-937222

If you are outside the UK the number to dial is 0044 1908 937222


https://www.cahoot.com/rates_fees/fees_travel_overseas.html

Friday 8 May 2015

Virus Emails Scanned Tickets scan0079.xls from Rebecca De Mulder

Email from Rebecca De Mulder
milestoneholdings@yahoo.co.uk
with file scan0079.xls attached

Appears to be a macro virus inside the Excel document so don't open it!
 
Email text is as below:
 
Afternoon

 

Attached are the tickets  you have requested

  

Kinds Regards kath

 

Milestone Holdings

 

Tel:   01676 541133

Mob: 07976 440015

Wednesday 6 May 2015

Email from Transport for London Virus / Malware


There are many emails being sent today with the subject "Email from Transport for London", supposedly sent from the email address noresponse@cclondon.com

These emails contain a Word document AP0210780545.doc that requires macros to be enabled to open it. DO NOT OPEN! This file contains a virus and will infect your PC. As of now (6 May 2015) it is not detected by the majority of antivirus vendors.

This virus appears to be ransomware: it renames and encrypts files on your PC or network drives and demands money for the encryption key.

It may well be a file called wiley5.exe that is the payload but this isn't yet confirmed.

Dear Customer,

 

Please open the attached file to view correspondence from Transport for London.

 

If the attachment is in DOC format you may need Microsoft Word to read or download this attachment.

 

 

Thank you for contacting Transport for London.

 

 

 

Business Operations

Customer Service Representative

Saturday 3 January 2015

Microsoft Money Quote Updates

A great update to have - a new version of the updater from Gaier software has been released that now picks up more quotes for MS Money.

I've just downloaded the paid version as I think the developer deserves some benefit from their hard work.

You can view the details here:


The note from the developer is below:


I wanted to let you know I have released version 2.0 tonight! 

This version switches to an entirely new online quote service.  The new quote service was built for the new MSN.com and MSN Money websites, and is also used by the Windows 8 Finance app.  The new online quote service is more reliable, has better symbol coverage, and should be here to stay for a long time.  It is backed by a Morningstar quote feed.

The MSN Money team has communicated to me the “old” quote service will be shutdown Jan 5th.  It seems they pushed the date back from the originally planned date of Dec 22nd 2014.  Good for us because it gave me more time to update my program!

As discussed in my previous email, this change required a significant amount of re-work to MSMoneyQuotes due to the new “symbology” format.  And thus I changed MSMoneyQuotes’s major version from “1” to “2”.
The approach my program uses to access online quotes has changed.  Instead of a single step to get online quotes using the symbols as-is from the Money file, there are now two steps: 
1)      The first step is to “resolve symbols”.  That means my program needs to map the symbols in your Money file (e.g. $US:INDU)  to a symbol on MSN Money (e.g. 126.10.!DJI.126.$INDU).  It uses the same service used by MSN Money’s “Quote Search” auto-complete input box to perform the lookup.  See the “Help and Support” section at the bottom of this page for more information: http://gaiersoftware.com/Money/DetailsAndHelp
2)      If it can resolve the symbol, then it uses the special MSN Money symbols (e.g. 126.10.!DJI.126.$INDU) to fetch online quotes.

You can see the two steps above in action if you use the –v verbose option.

I have also fixed a couple problems reported to me with regards to the FT.com import feature.  Specifically my program now handles symbols that have a double suffix  (e.g. SLXX:LSE:GBP, IGUS:LSE:GBX) and symbols that are 2 characters long with a suffix (e.g. AI:PAR, OR:PAR).

And lastly, as part of the above online quotes re-work, I have begun the effort to include currency exchange rates as part of the online quote update.  Look for that soon in version 2.1.  If you are interested in the feature, I’ll be looking for some beta testers in the near future.  Send me an email if you’re interested in participating in the testing.