Posted by: Ken Harthun
Email security, Fraud, Malicious Website, Malware, Security, Trojan
Got an interesting email this morning purportedly from “firstname.lastname@example.org” with “Your Wire fund transfer” as the subject. Here’s a screen shot:
This appears to be a warning of some sort, though it really makes little sense. The link points to a Slovenian domain name and if the victim clicks the link, they are taken to a 404 error page that attempts to download a PDF file, undoubtedly infected with an info-stealer of some sort.
The header is real, linked from the actual federalreserve.gov website which is intended to make the victim believe the email is real, which, of course, it is not. Examination of the headers shows a Return-Path to a Gmail address.
Please inform your family and friends to immediately delete this email should they receive it.