Did you open your email inbox this morning to find an email like the following?
Kindly open to see export License and payment invoice attached, meanwhiole we sent the balance payment yesterday.
Please confirm if it has settled in your account or you can call if there is any problem.
Whatever you do, don’t open the file attached to the email.
Contained inside the file invoice copy.zip is a malicious Trojan horse, designed to compromise your computer.
Sophos products detect the malware proactively as Mal/BredoZp-B, but users of other vendors’ products should check that their software is fully up-to-date and defending against the threat.
Curiously, samples of the malware campaign intecepted by SophosLabs claim to come from the world-famous jewellers Tiffany & Co.
This may be a deliberate ploy on the part of the criminals behind the attack to tempt more people into opening the attachment.
Of course, it’s child’s play to forge email header information, and there is no suggestion that the messages were really sent by Tiffany’s. If anything, they are also victims of this campaign.
Little blue boxes from Tiffany & Co. are the stuff of dreams for many. Don’t let an unexpected email delivery – apparently from the company – make you so giddy with an excitement that you end up with a computer nightmare.Follow @gcluley