Thank you for your payment!

Filed Under: SophosLabs, Spam

It seems there's a new scam flooding our mailboxes today which uses a technique which may get people to panic into doing something they shouldn't. We've seen a number of different messages all using the same technique of thanking the user for having made a payment for a service or product that the user didn't order.

Chase

Each message also conveniently contains a link to view or track the order -- but of course these aren't links to the actual websites. Interestingly enough they don't lead you to phishing pages, but rather to a compromised domain containing a script that redirects the user to whatever payload the scammers desire. Currently it's redirecting to a Canadian Pharmacy page, but earlier in the campaign they were leading to a FakeAV page which we're detecting as Mal/FakeAV-EI.

As always, pay attention to the link you're about to click when going through your email. In some cases, simply clicking the link will be enough to infect your machine with a drive-by-download, although keeping your browser up to date, using a browser such as Firefox and using a plugin such as NoScript can prevent many of these infections.

,

You might like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s