Nice bit of social engineering. Good thing for the attacker? Perfect spelling and grammar aren't needed/wanted, unlike when an email purports to come from a commercial/professional entity.
Always trying something new, they are. Kurt On Wed, Jun 24, 2015 at 9:06 AM, Richard Stovall <[email protected]> wrote: > Just thought I'd share an attack I saw targeted at some of our sales reps > with the group. > > Subject: stop spamming me > > Body: stop sending me offers from <redacted-domain>.com i am not > interested. i have attached the email i received from > user@<redacted-domain>.com. > please stop > > And of course there was an almost-certainly malicious Word doc attached. > (Confirmed by virustotal.com - > https://www.virustotal.com/en/file/1348b42e0ccc4f14ec10579975acd11e98337f2e2ce2cb7e7d8aa53240fcc95b/analysis/1435161674/ > ). > > Interestingly, our Barracuda blocked 2 of the 4 we received, quarantined > one, and let the fourth go through to one user. I monitor the quarantine > so I caught it and deleted it from the one user's mailbox before he had a > chance to open it. > > Here's a screenshot if anyone's interested: > > [image: Inline image 1] >
