Thread ID: 128358 2012-12-14 05:19:00 New scam emails out of Australia? Billy T (70) Press F1
Post ID Timestamp Content User
1318331 2012-12-14 05:19:00
I've received two in the last two days, arriving via a dormant Xtra address once used by my daughter, but remaining aliased on my main Xtra email address.

The first was for Queensland Transport and was in another class altogether when compared to the usual stuff. The English was impeccable and they had lifted complete sections from the QT website. The overall design was very convincing too, all but for one critical detail, our daughter is in Victoria, not Queensland. The attached file was a [filename].pdf.zip and I assume that opening the file will trigger the nasties.

The next one was for Virgin Blue and was identical in quality, very convincing, and again carrying a [filename].pdf.zip file.

I'm pretty sure these are scams, but there was nothing in the text to indicate what they were after, in fact if you had dealings with either organisation I reckon you would accept them as kosher.

My question is, what sort of payload would they be likely to carry, and am I right to assume that opening the zip file would start the infection or other nasties? My guess is that they were after bank account details and passwords.

Cheers

Billy 8-{) :badpc:
Billy T (70)
1318332 2012-12-14 05:33:00 I've seen the Virgin Blue one, it does look genuine, and in fact all the links to it go to genuine VB pages - but the attachment is not exactly full of friendliness ;) inphinity (7274)
1318333 2012-12-14 07:08:00 I've seen the Virgin Blue one, it does look genuine, and in fact all the links to it go to genuine VB pages - but the attachment is not exactly full of friendliness ;)

Smart Bastards :annoyed:

What sort of payload would it be likely to carry?

Cheers

Billy 8-{)
Billy T (70)
1318334 2012-12-14 09:33:00 open it in a virtual machine and find out?? GameJunkie (72)
1318335 2012-12-14 09:57:00 ... - but the attachment is not exactly full of friendliness ;)

Please expand - what did it contain?
Robin S_ (86)
1318336 2012-12-16 10:16:00 Received another this morning, Virgin Blue again.


This message has been processed by Symantec's AntiVirus Technology.

Virgin-Itinerary.pdf.XM3840.exe was infected with the malicious virus Backdoor.Trojan and has been deleted because the file cannot be cleaned.

Note that no zip file was used in this instance.

For more information on antivirus tips and technology, visit http://ses.symantec.com/

In the header, this one contained one of my two business addresses and was From: "my name" <my logon@xtra.co.nz>
To: <my logon@xtra.co.nz>
Subject: FW: Your Virgin Blue Itinerary
Date: Fri, 14 Dec 2012 17:43:05 +1300

It seems to indicate that I sent it to myself, but curiously, it was followed in the header by this:

From: virginblue.com.au [mailto:itineraries@virginblue.com.au]=20
Sent: Thursday, December 13, 2012 12:38 PM
To: [my daughter's alias name on my account]@xtra.co.nz
Subject: Your Virgin Blue Itinerary

Another quite convincing effort!

Looks like there is a campaign running............

Cheers

Billy 8-{)
Billy T (70)
1318337 2012-12-16 21:07:00 Well at least someone has taken the effort to make it look convincing. Slankydudl (16687)
1318338 2012-12-17 00:41:00 Just had the neighbour rush over with this one, supposedly from Westpac Australia. (She has an account with them)

She has rung the local branch who are treating the matter very seriously and have even contacted Australia.

However, they have put a hold on all her accounts here and Aus until she calls into the local branch with a copy of the E-Mail. What a pain.

So she is off down there now trying to sort things out.

Anyway, this is what it looks like with her ID blacked out.
B.M. (505)
1318339 2012-12-17 04:53:00 Here is yet another.

These are no longer an oddity, they are the makings of a campaign:

----------------------------------------------------------------------------------

Transaction Receipt

Jackgreen EnergySydney, NSW, Australiawww.jackgreen.com.au1300 46 5225 [note the missing spaces in this line].
Client Reference/Invoice Number:6377876529
Please refer to attacehd file for full Transaction Receipt Details
Please keep these details on record for reconciliation purposes.


Content-Type: application/zip; name="Jackgreen-Energy-Transaction-Receipt.zip"
Content-Transfer-Encoding: base64
Content-ID: <003701cddc33$e199d390$c110a8c0@H715M8>

----------------------------------------------------------------------------------

That was extracted from the header in mailwasher.

You may not see the zip file in your browser, it might just show as a link.
Smarter members than I might be able to expand on that comment.

Cheers

Billy 8-{)
Billy T (70)
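
Added example, not part of the original thread: a small mail-triage check for the two traits described in the posts above, an attachment name that hides a document-style extension in front of an executable or archive one (.pdf.zip, .pdf.XM3840.exe), and a From address that matches the To address. The extension lists, function names and the sample message are constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import getaddresses, parseaddr

# Illustrative lists, not exhaustive.
RISKY = {"exe", "scr", "com", "pif", "bat", "cmd", "js", "vbs", "zip"}
DECOY = {"pdf", "doc", "docx", "xls", "xlsx", "jpg", "txt"}

def check_filename(name):
    """Return why an attachment name looks deceptive, or None."""
    parts = name.lower().split(".")
    final, earlier = parts[-1], parts[1:-1]
    if len(parts) > 2 and final in RISKY and any(p in DECOY for p in earlier):
        return "document-style extension hidden before ." + final
    if len(parts) > 1 and final in RISKY - {"zip"}:
        return "directly executable attachment ." + final
    return None

def triage(raw):
    """Return a list of (indicator, detail) findings for one raw message."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender = parseaddr(str(msg.get("From", "")))[1].lower()
    rcpts = {a.lower() for _, a in getaddresses([str(msg.get("To", ""))])}
    if sender and sender in rcpts:
        findings.append(("self-addressed", sender))
    for part in msg.walk():  # visits every MIME part, including attachments
        name = part.get_filename()
        reason = check_filename(name) if name else None
        if reason:
            findings.append((name, reason))
    return findings

def build_sample():
    """Constructed message: placeholder addresses, harmless dummy payload."""
    m = EmailMessage()
    m["From"] = '"A User" <user@example.test>'
    m["To"] = "<user@example.test>"
    m["Subject"] = "FW: Your Itinerary"
    m.set_content("Please see the attached itinerary.")
    m.add_attachment(b"dummy bytes, not a program", maintype="application",
                     subtype="octet-stream",
                     filename="Virgin-Itinerary.pdf.XM3840.exe")
    return m.as_string()

if __name__ == "__main__":
    for finding in triage(build_sample()):
        print(finding)
```

A plain .zip with no decoy extension, such as the Jackgreen receipt name quoted above, is not flagged by the filename rule alone; its contents would have to be listed and checked the same way.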
1318340 2012-12-18 01:03:00 Have also had one from Vodafone thanking me for a non-existent payment I made! Also another pxt from a number I don't even know (an Aussie 061.....). Just gotta be careful I guess.

Oh yes - both with attached ZIP files! Open these please (LOL)
ManUFan (7602)