Yet another phishing e-mail

Discussion in 'Computers' started by ShiftZZ, Nov 7, 2012.

  1. ShiftZZ

    ShiftZZ Funster Life Member

    Joined:
    Feb 19, 2008
    Messages:
    19,821
    Likes Received:
    35,895
    Location:
    Leicestershire
    Been getting a lot of mail with a zip file attached, I suspect its either some malware or something...

    The latest.

    "Westminster Pay by Phone Parking Receipt

    Location: 4046
    License: BGMT09M

    Description: St Barnabas Street

    Start Parking: 2011/11/05 12:20pm
    Stop Parking: 2011/11/05 01:20pm
    Cost: 33.30 including Service Charge

    You can access a full list of all your parking transactions in the attached file

    Thank you for using Westminster City Council's Pay by Phone parking service"


    So be aware...
     
  2. buttons

    buttons Funster

    Joined:
    Aug 27, 2009
    Messages:
    12,948
    Likes Received:
    10,721
    Location:
    Hertfordshire
    Are you two a double act....:Laughing:
     
    Last edited: Nov 7, 2012
  3. Chris

    Chris Funster Life Member

    Joined:
    May 5, 2010
    Messages:
    16,443
    Likes Received:
    34,525
    Location:
    kent
    I got that one this morning Shiftzz.:Angry:
     
    • Like Like x 1
  4. icantremember

    icantremember Funster

    Joined:
    Sep 2, 2010
    Messages:
    5,061
    Likes Received:
    7,112
    Location:
    Nr Watton in Norfolk
    Are you having some secret affair with Jaws?:Eeek:
     
    • Like Like x 1
  5. hilldweller

    hilldweller Funster Life Member

    Joined:
    Dec 5, 2008
    Messages:
    26,462
    Likes Received:
    25,156
    Location:
    Macclesfield
    Just got mine !

    It's almost as if they've hacked into the FUN database. Or they've sent out millions today.

    =================================
    Westminster Pay by Phone Parking Receipt
    Location: 2989 License: 90NBU37
    Description: Ebury Bridge Rd
    Start Parking: 2011/11/05 12:20pm
    Stop Parking: 2011/11/05 01:20pm
    Cost: 22.50 including Service Charge
    You can access a full list of all your parking transactions in the attached file
    Thank you for using Westminster City Council's Pay by Phone parking service
     
    • Like Like x 2
  6. Johns_Cross_Motorhomes

    Johns_Cross_Motorhomes Trader - Motorhome & Accessory Sales

    Joined:
    Jan 5, 2008
    Messages:
    9,248
    Likes Received:
    5,199
    Location:
    East Sussex 01-580-881288
    Why do I miss out :cry::cry::cry:on these nice emails?

    I was parked up in Harley Street (Westminster) and only paid 51p for 5 minutes which then gave me an hour free on a Blue Badge.:Rofl1::Rofl1::Rofl1:

    Peter
     
    • Like Like x 1
  7. ShiftZZ

    ShiftZZ Funster Life Member

    Joined:
    Feb 19, 2008
    Messages:
    19,821
    Likes Received:
    35,895
    Location:
    Leicestershire
    Now from Vodafone.

    Another today,,,

    Vodafone MMS message
    mms@vodafone.co.uk

    You have received a picture message from mobile number +447550780459
    To save this picture, please save attached file.



    http://www.h-online.com/security/news/item/Malware-disguised-as-an-MMS-message-1743608.html
    Malware disguised as an MMS message

    The phone number from which the message was supposedly sent varies Cyber criminals are currently spreading malware by sending a large number of email messages purporting to be from Vodafone's MMS gateway. These emails have the subject "You have received a new message" and claim that the recipient has been sent a picture message over MMS from a Vodafone customer.

    The Vodafone email address used and the supposed telephone number sending the messages varies; even the country code is changed based on the location being targeted. For example, in the UK emails are being sent from mms@vodafone.co.uk and have the the +44 country code, while in Germany the messages claim to come from mms@vodafone.de and carry a +49 in front of the mobile number.

    The messages say that a picture message is in the attached "Vodafone_MMS.zip" file. However, once unzipped, it only contains an executable named "Vodafone_MMS.jpg.exe" that will install malware onto a victim's system when launched. According to VirusTotal, the malware is currently only detected by just 8 of 44 anti-virus programs used by the online virus scanner service.

    An analysis of the file in a sandbox leaves no doubts about its malicious intentions: among other things, it copies itself to C:\Documents and Settings\All Users\svchost.exe and then hides itself under SunJavaUpdateSched to launch when Windows first boots.
     
  8. Jim

    Jim Ringleader

    Joined:
    Jul 19, 2007
    Messages:
    25,861
    Likes Received:
    76,262
    Location:
    Sutton on Sea
  9. Chris

    Chris Funster Life Member

    Joined:
    May 5, 2010
    Messages:
    16,443
    Likes Received:
    34,525
    Location:
    kent
    What I have noticed lately is dodgy e-mails that seem to come from a valid source - that source being your own firm.

    This morning I got an e-mail from accounts@ (My firms web address).

    Sly little sods arent they?
     
  10. Jim

    Jim Ringleader

    Joined:
    Jul 19, 2007
    Messages:
    25,861
    Likes Received:
    76,262
    Location:
    Sutton on Sea

    They can guess a lot of addresses, accounts@ admin@ pr@ John@ etc, but I would still get your company mail system scanned:thumb:
     
  11. ShiftZZ

    ShiftZZ Funster Life Member

    Joined:
    Feb 19, 2008
    Messages:
    19,821
    Likes Received:
    35,895
    Location:
    Leicestershire
    Even More

    DHL Express
    Tracking Notification: Thu, 8 Nov 2012 12:34:31 +0100
    ________________________________________
    Custom Reference: 19215O8058
    Tracking Number: PO61769483
    Pickup Date: Thu, 8 Nov 2012 12:34:31 +0100
    Service: AIR
    Pieces: 3
    ________________________________________


    Thu, 8 Nov 2012 12:34:31 +0100 - Processing complete successfully
    Refer to attached report for full details.
    ________________________________________


    ________________________________________
    Shipment status may also be obtained from our Internet site in USA under http://track.dhl-usa.com or Globally under http://www.dhl.com/track
    Please do not reply to this email. This is an automated application used only for sending proactive notifications

    Thanks in advance,
    DHL Express International Inc.
     
Loading...

Share This Page