(Page 2 of 2)
"On a related note, Symantec last week alerted that several social-engineering attacks were reported in Europe. Those attacks specifically targeted the finance department of some organizations," Zeng said. "The victim received a phone call from a person who claimed to be an employee of the organization and the victim was asked to process an invoice that he/she was about to receive. People are very easy to fall victim to such sophisticated attack as opposed to just an email or a phone call."
Watch Your In-Box
The specific email shown as an example in Graham Cluley's blogpost has a subject line that says, "invoice copy" -- and it's supposedly from Karen Parker at Tiffany.com. The body of the email reads:
Kindly open to see export License and payment invoice attached, meanwhile we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.
"Whatever you do, don't open the file attached to the email," Cluley warns. Contained inside the file invoice 'copy.zip' is the malicious Trojan horse, designed to compromise your computer.
Warn your friends and users, and as a general rule, remember to never open any attachment from an unknown source or even from a known source if you weren't expecting it or it just doesn't look quite right.
Posted: 2013-07-05 @ 8:07pm PT
thanks got one of these emails today