One of the latest tricks in the cyber-criminals’ bags is an email with the subject (it varies), “Death and Funeral Announcement.” Now, what normal person would see that and NOT open it? I know I did. What I DIDN’T do, of course, was click the link, which pointed to a site <domain name>.be. Here’s the text:
For this unprecedented event, we offer our deepest prayers of condolence and invite to you to be present at the celebration of your friends [sic] life service on Thursday, January 22, 2014 that will take place at Eubank Funeral Home at 11:00 a.m. Please find invitation and more detailed information about the farewell ceremony here . Best wishes and prayers, Funeral home receptionist, William Mccarty
After a few seconds of oh-my-god-who-died, I re-read the email and spotted the obvious bad grammar and realized this was a scam. Researching led me to discover that the link target delivers a Trojan. I also looked at the headers and found the originator was at IP address 188.8.131.52 (lookup tool) which has these attributes:
And that is enough to confirm that I certainly don’t want whatever they have!
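The header check mentioned above can be scripted. This is an added example, not part of the original post: it walks the Received headers from the newest hop down and returns the first address outside the recipient's own network, since hops below that point are written by the sender and can be forged. The sample message, its host names and addresses, and the function names are constructed for illustration.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message, not the real email. 203.0.113.77 is a
# documentation-range address standing in for the sending host.
SAMPLE = """\
Received: from mx.recipient.example (mx.recipient.example [10.0.0.5])
\tby mailstore.recipient.example with ESMTP id abc123;
\tTue, 21 Jan 2014 09:15:02 -0500
Received: from unknown (HELO funeral-notice.example) ([203.0.113.77])
\tby mx.recipient.example with SMTP; Tue, 21 Jan 2014 09:15:01 -0500
Received: from localhost ([127.0.0.1])
\tby funeral-notice.example with ESMTP; Tue, 21 Jan 2014 15:14:58 +0100
From: "Funeral home" <receptionist@funeral-notice.example>
Subject: Death and Funeral Announcement

Please find invitation and more detailed information here.
"""

# Assumption: the recipient's own relays sit on private or loopback ranges.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
                  "127.0.0.0/8", "169.254.0.0/16")]
BRACKETED_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def is_internal(ip):
    return any(ip in net for net in INTERNAL_NETS)

def handoff_ip(raw_message):
    """Return the first external IP recorded by the receiving side, or None."""
    msg = message_from_string(raw_message)
    # Each server prepends its Received header, so index 0 is the newest hop.
    for hop in msg.get_all("Received", []):
        # Only the "from ..." clause describes the connecting client.
        from_clause = re.split(r"\s+by\s+", hop, maxsplit=1)[0]
        for text in BRACKETED_IP.findall(from_clause):
            try:
                ip = ipaddress.ip_address(text)
            except ValueError:
                continue  # matched the pattern but is not a valid address
            if not is_internal(ip):
                return str(ip)
    return None

if __name__ == "__main__":
    print(handoff_ip(SAMPLE))
```

The returned address is the one to feed to a lookup tool; the localhost hop at the bottom of the sample is never trusted because the sender controls it.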