ExTS Admin Starbuck, posted April 28, 2011

A new wave of scareware-carrying emails is posing as order confirmations from a pearl jewelry manufacturer called BoBijou in an attempt to trick recipients into opening malicious attachments.

According to independent security consultant Dancho Danchev, who analyzed the new attack, the emails bear a subject of "Successfull Order [number]" and carry an attachment called Order_details.zip.

The message body is aimed at scaring recipients into believing that their credit card has been wrongfully charged and, as a result, into opening the executable file inside the zip archive. It reads:

"Thank you for ordering from Bobijou Inc. This message is to inform you that your order has been received and is currently being processed.

"Your order reference is [number]. You will need this in all correspondence. This receipt is NOT proof of purchase. We will send a printed invoice by mail to your billing address.

"You have chosen to pay by credit card. Your card will be charged for the amount of 262.00 USD and 'Bobijou Inc.' will appear next to the charge on your statement.

"You will receive a separate email confirming your order has been despatched [sic.]. Your purchase and delivery information appears below in attached file."

Opening the "Order details.exe" file contained in the attachment would be a very bad idea because it is actually a trojan downloader whose purpose is to install a poorly detected scareware program.

The fake order notification lure is an old trick used to spread malware in recent years. The fact that cyber criminals keep using it suggests that it is still successful enough to justify the effort.

Users are strongly advised to treat email attachments with caution. All files received in this manner, even if from what appear to be trusted sources, should be scanned with one or more antivirus programs before opening. Services like Virus Total are a simple way to do that.
Source: http://news.softpedia.com/news/Fake-BoBijou-Order-Notifications-Spread-Scareware-197484.shtml
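A mail-side check for the pattern described in the post above, as an added example that is not part of the original post or the Softpedia article: it parses a message, lists the members of any zip attachment without extracting them, and flags executable file names. The extension list, the function names and the sample message (built from harmless placeholder bytes) are constructed for illustration.

```python
import io
import os
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# File types Windows runs on double-click (a common subset, an assumption, not exhaustive).
EXECUTABLE_EXTS = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}
# Subject wording reported in the post, misspelling included.
LURE_SUBJECT = re.compile(r"successfull order\s*\S+", re.IGNORECASE)


def inspect_message(raw: bytes) -> dict:
    """Return the lure indicators found in one RFC 5322 message."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = {"subject_match": bool(LURE_SUBJECT.search(msg["Subject"] or "")),
                "executables": [], "unreadable_archives": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        data = part.get_payload(decode=True) or b""
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():  # names only; nothing is extracted or run
                    if os.path.splitext(member)[1].lower() in EXECUTABLE_EXTS:
                        findings["executables"].append((name, member))
        except zipfile.BadZipFile:
            # A zip that cannot be parsed is worth a second look, not a pass.
            findings["unreadable_archives"].append(name)
    return findings


def build_sample() -> bytes:
    """Constructed sample: placeholder bytes stored under the reported file names."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Order details.exe", b"placeholder, not a real executable")
    msg = EmailMessage()
    msg["Subject"] = "Successfull Order 123456"
    msg.set_content("Thank you for ordering from Bobijou Inc.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Order_details.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample()))
```

A hit on `executables` alone is the stronger signal, since the subject line is trivial for the sender to change; a flagged file still goes to an antivirus or multi-engine scan as the post advises.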