Something a bit phishy about this…

We’ve all seen the dodgy emails pretending to be from banks, PayPal, and various other organisations, which are usually pretty bad attempts to steal your credentials and subsequently your money. In my line of work, I’ve seen some (really very badly done) emails with zipped trojans attached. Our mail filtering service blocks those quite nicely, though.

But today, I got something slightly different:

Very Phishy

OK, it’s from a business I wasn’t previously aware of, but unlike most of the bad attempts, it’s addressed to my actual name, not to “dear customer” or anything like that. It’s neatly formatted and looks quite real. It’s only if you take the trouble to hover your cursor over any of the links that you’d be sure that it’s not what it seems:

Looks nasty

Yup, all the links are pointing at a zip file, which is hosted on a different domain from the one they appear to be pointing to. A quick bit of searching produced an article from Sophos which talks about this exact message. The zip contains a trojan that would do nasty things if run on its target platform, Windows, which remains the most popular target for this kind of thing.

While I’ve seen similar attempts in the past, this is one of the most real-looking I’ve seen.

Just a reminder that we all need to be alert – this one got past Gmail’s normally very effective spam filters, presumably because of its similarity to a genuine order acknowledgement.

Sophos report