These are seven new malicious emails you should stay clear of — emails from YouTube, Google, Facebook, LinkedIn, British Airways, and DHL Express

dotTech has gotten into the habit of warning our readers about web security issues, namely malicious emails that make their rounds in the inboxes of people around the world — such as the fake Windows Update password stealing email and the fake email from Microsoft. The following are seven new malicious emails you should avoid if you ever see them in your inbox.

Fake Email from Facebook

This email pretends to be an email from Facebook of a couple’s conversation in Spanish. Most English readers would probably stop reading when they see Spanish, but the video of the naked girl may draw in a few fools. Clicking on the link in the email doesn’t actually download a video of a naked Spanish vixen but rather downloads “Video_Multimedia.exe”, a trojan.

Fake Email from DHL Express

This email pretends to be from DHL, a well known package delivery and courier service. (For those dotTechies that live in the United States where DHL isn’t big, think of it like the UPS of the rest of the world.) The email lets you know that your package has been processed and you can receive more information by opening the attached file “DHL_Express_Processing_complete.pdf.zip”. If you are unlucky enough to open the file, you are infected with the trojan it holds.

Fake Emails from YouTube

The above are actually two separate fake emails, both of which pretend to be from YouTube.

The first email tells you that your YouTube video has been flagged by YouTube as containing copyright content, and tells you to open the attached file to learn more. The attached file, “Content_ID755658_Matches.zip”, contains a trojan.

The second email tells you that your YouTube video has made it to the “TOP of YouTube”, and provides you convenient links to click on. Clicking on the links redirects you to either spam websites or websites with malicious content (I don’t have enough information on the second to specify exactly where it leads).

Fake Email from Google

This fake email is similar to the previous YouTube one, pretending to tell you that your YouTube video is ranked #6 based on user ratings. This time around, however, it pretends to be from Google — not YouTube. (Technically they are the same since Google owns YouTube, but, yeah, semantics…) Like the previous email, clicking on the link provided to you redirects you to spam websites or websites with malicious content.

Fake Email from LinkedIn

This fake email pretends to be from LinkedIn (aka Facebook for professionals) telling you that you have new messages. The email conveniently provides you with links to click on to access your messages on LinkedIn. However, instead of sending you to LinkedIn, the links send you to spam websites or websites with malicious content.

Fake Email from British Airways

This fake email pretends to be from British Airways, letting you know of the e-ticket you just recently booked with BA. The sender of the email is kind enough to even attach the e-ticket to your email — “BritishAirways-eticket.zip”. The attachment indeed does contain a ticket… a ticket for free access to a trojan.

Conclusion

All of the emails mentioned in this article are fake, malicious emails that try to appear legitimate by spoofing their “from” address so it looks like the message comes from a company you would otherwise trust. However, further evaluation of the emails shows they are clearly fake — if being in Spanish isn’t a dead giveaway then how about the grammatical and spelling errors?

In any case, any competent spam filter should automatically send these emails to the junk/spam box because of their modified headers. Still, if you do happen to see them in your inbox and you happen to open them, do not click on any links or download any attachments.
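As an added illustration (not part of the original post), here is a small Python triage routine that applies the tells the article describes to constructed samples modelled on the DHL and YouTube lures: a brand named in the display name or subject whose sender domain does not match, an archive attachment wearing a document-looking double extension, and links that lead off the claimed brand’s domain. The brand-to-domain map is an assumption of this example, and the sample messages are constructed here, not real captures.

```python
import re
from email.message import EmailMessage
from email.utils import parseaddr
# Brands named in the article and the domain their real mail uses (an assumption of this
# example). A spoofed From defeats this check, hence the link and attachment checks too.
BRAND_DOMAINS = {"dhl": "dhl.com", "youtube": "youtube.com", "google": "google.com",
                 "facebook": "facebook.com", "linkedin": "linkedin.com",
                 "british airways": "britishairways.com"}
ARCHIVE_EXTS = (".zip", ".rar", ".7z")
DOC_EXTS = (".pdf", ".doc", ".jpg", ".txt")  # "x.pdf.zip" is an archive posing as a document

def _in_domain(host, domain):
    return host.lower() == domain or host.lower().endswith("." + domain)

def triage(msg):
    """Return the reasons an email.message.Message resembles the lures above."""
    reasons = []
    display, addr = parseaddr(msg.get("From", ""))
    sender_host = addr.rpartition("@")[2]
    claimed = [b for b in BRAND_DOMAINS if b in (display + " " + msg.get("Subject", "")).lower()]
    for brand in claimed:
        if not _in_domain(sender_host, BRAND_DOMAINS[brand]):
            reasons.append(f"claims {brand} but sent from {sender_host or '<none>'}")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(ARCHIVE_EXTS):
            disguised = name.rsplit(".", 1)[0].endswith(DOC_EXTS)
            reasons.append(("disguised " if disguised else "") + "archive: " + name)
        elif part.get_content_type() in ("text/plain", "text/html"):
            body = part.get_payload(decode=True).decode("utf-8", "replace")
            for host in re.findall(r"https?://([^/\s\"'>]+)", body):
                if claimed and not any(_in_domain(host, BRAND_DOMAINS[b]) for b in claimed):
                    reasons.append(f"link to {host} despite claiming {', '.join(claimed)}")
    return reasons

def build(sender, subject, body, attachment=None):
    """Build a constructed sample message (not a real capture) for triage()."""
    m = EmailMessage()
    m["From"], m["Subject"] = sender, subject
    m.set_content(body)
    if attachment:  # stub bytes stand in for the archive the real lure carried
        m.add_attachment(b"PK\x03\x04", maintype="application", subtype="zip", filename=attachment)
    return m

# Constructed samples modelled on two lures described in the article.
LURE_DHL = build("DHL Express <noreply@courier-notice.invalid>", "DHL Express Processing complete",
                 "Your package has been processed. Open the attached file.", "DHL_Express_Processing_complete.pdf.zip")
LURE_YOUTUBE = build("YouTube Service <service@youtube.com>", "Your video is on the TOP of YouTube",
                     "View your ranking: http://top-videos.example.invalid/rank")  # From is spoofed
```

Note that the YouTube sample passes the sender-domain check precisely because its From header is spoofed; only the off-brand link gives it away, which is why a real filter also verifies the headers with SPF and DKIM rather than trusting the address as displayed.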

Stay safe!

[via Sophos (1) (2) (3) (4) (5)]


11 comments

  1. Rob (Down Under)

    Don’t use Safari
    I last tried it 2 years ago, and gave up as it couldn’t do a couple of things that other browsers can do. (I don’t recall what they were).
    It is still in my system (ver 4 ‘ish).
    Having an open mind I thought “give it a go and try the latest version”.
    It installed tons of stuff, and then froze my PC (XP Pro SP3 32 bit).
    Windows would no longer start (even last known good configuration would not work). I have not imaged for over a week, but luckily was able to get into System Restore, and restore to an earlier Restore point.
    Apple are irritating at the best of times. Don’t use their products.
    Rob
    PS I just tried to run the two year old version of Safari (to get the exact version number), and even that now crashes.
    Adobe Acrobat (not the free reader) is horrendous in the list of things it installs. Safari now ranks 2nd on that list.

  2. fat reduction

    Hey there just wanted to give you a quick heads up.

    The words in your article seem to be running off the screen in Safari. I’m not sure if this is a formatting issue or something to do with browser compatibility but I figured I’d post to let you know. The design and style look great though! Hope you get the issue fixed soon. Cheers

  3. pm55

    I would like to thank you so much for sending out these alerts as on at least two occasions you have saved my computer butt from disaster. Some of these malicious emails are easier to spot but some are getting very scary how well done they are as fakes. Please keep me informed it is helping.

  4. J.L.

    @Mark: Highly unlikely, unless maybe you are using outdated WinZip, WinRar, or even 7-Zip (or its derivatives). I’d label that as unreasonable paranoia, along with text files, virtually all videos, and most images (as long as you don’t use anything Microsoft other than Notepad and Internet Explorer 9+ with UAC+Windows Defender+Windows Updates).

    They are called zero-day exploits (which last less than 24 hours for like 90%), and generally only target outdated closed-source popular software. Except for mainstream software like Microsoft’s built-in ones, they usually are very rare (more than some illegal materials) and censored quite heavily.
    Outside of malicious servers that Google rarely indexes, infecting a popular website’s server (with any technical skills) nowadays requires at least infection of both Linux (or another server OS) and Windows.

    My paranoia was actually quite similar before learning more about computer science. Although I live outside of the USA, its influence is far too great to ignore.

  5. Mark

    “… you can receive more information by opening the attached file “DHL_Express_Processing_complete.pdf.zip”. If you are unlucky enough to open the file, you are infected with the trojan it holds.”

    Can one really catch a virus from simply unarchiving a zip file, without opening any of the files in the archive? Or is it actually an executable file that masks itself as a zip file? (And if it’s the latter, how does that work?)

  6. J.L.

    @Rob (Down Under): Historically yes, if you block JavaScript and plugins by default. Unfortunately, WOT and Avast WebRep wouldn’t help (Network and Web Shields work as programmed), because one just puts a warning after loading the website, and the other stays as an icon.
    That is unless they’ve updated on Firefox (last experience = 4 months ago). No clue about Site Adviser.
    I would recommend something like Norton DNS if you can stand proxies being blocked. There are weaker alternatives, but I signed up to them when they allowed custom blocking. Similar software include PeerGuard, a HTTP scanner (like AV component), and/or third-party Firewall with blacklist importing (Outpost/Online Armor).
    The last one requires serious technical skills, unless you opt-out of their HIPS, which is like UAC prompts on steroids (and memory retention).

    If you are truly interested in security outside of installing software, there is Sandboxie and EMET. Chrome appears to implement something like the above two, especially the latter one. The former can be used to test installs yourself as well, but I use VirusTotal, URLVoid, Comodo File Verdict Service, and sometimes Anubis. If I trust the website, a VirusTotal link is enough to convince me. If I have the software installed, I’m usually too lazy to check the update. If it’s too big, then time for my array of on-demand scanners and VirtualBox.

    Since I’m lazy, I use click-to-play for plugins, ScriptNo blacklisting (sources: MVPS HOSTS, hpHOSTS (ad / tracking servers), Peter Lowe’s HOSTS Project, MalwareDomainList.com, and DNS-BH – Malware Domain Blocklist), WOT, BitDefender TrafficLight (which appears to intercept before fully loading, the extension at least), Norton DNS, EMET, and the usual x2 (separate anti-malware with full compatibility because it’s on-execution not real-time). Disabled Windows Defender, because it’s actually less compatible with Avast.
    Edit: UAC and Firewall are on of course. I’m lazy, but far from an average user being knowledgeable about Task Scheduler, Services, Drivers, and SYSTEM processes that bypass it. Then again, it may be Linux sudo experience.

  7. Anak

    I just received another FBI/ holding 4.1million/ at JFK airport/ consigned to me/ must contact within 72hours or I’ll be charged with money laundering/ don’t contact anyone in Nigeria scam.

    What gets me is what type of scanner do “they” use to tell there is money inside the trunks?

    It is always the same; FBI agent, 4.1, JFK airport, 72hours, laundering, Nigeria.

    I’m also getting a lot of spam from .pl now (Poland).

  8. J.L.

    Nothing special, you have to be dumb enough to run the software yourself or write sensitive text to phishing sites.

    I’ll be surprised if anything infected any modern web browser (especially Chrome, ignoring this complete fail at the definition of drive-by) by just visiting the site.