Account notification email warning? Don't follow the instructions

Filed Under: Malware, Spam

If you're returning to an overflowing inbox after the Easter holiday weekend, make sure that you don't fall for the latest scam being distributed widely by spammers.

Emails claiming that recipient's accounts have been temporarily suspended are being seen around the world today, attempting to trick users into believing that their email account has been accessed by somebody else.

The spammed-out emails try to hoodwink users into running the attached file (Instructions.zip) which is, predictably, carrying a malicious payload.

Malicious account notification email

Here's what the emails look like:

Dear Customer,

This e-mail was send by example.com to notify you that we have temporanly prevented access to your account.

We have reasons to beleive that your account may have been accessed by someone else. Please run attached file and Follow instructions

(C) example.com

In an attempt to make the email more convincing, the attackers reference the domain name (for instance, example.com) used by the recipients' email account in the emails they are spamming out.

Sophos detects the malicious attachment proactively as Mal/FakeAV-BT and Mal/BredoZp-B, but users of security products from other vendors would be wise to ensure that they are properly updated and protected.

The hackers are once again using a tried-and-trusted social engineering trick (in this case trying to fool you into believing that your account has been compromised) to lure you into the serious mistake of opening the attached file.

Wiser computer users should have learnt by now that you should always be extremely suspicious of unsolicited attachments.

You might like

About the author

Graham Cluley runs his own award-winning computer security blog, and is a veteran of the anti-virus industry having worked for a number of security companies since the early 1990s. Now an independent security analyst, he regularly makes media appearances and gives computer security presentations. Send Graham an email, subscribe to his updates on Facebook, follow him on Twitter and App.net, and circle him on Google Plus for regular updates.