CIO Update: 12/15/17

It’s Christmas time, so hackers and virus writers have been busy looking for presents. Here is a list of latest emails they are utilizing to access your computer.

  • “MS SUPPORT OFFICE” – Phishing Emails
  • “RE: Email changes & outage” – OWA-Themed Phishing Emails
  • “Invoice Due Date” Phishing Email
  • “Meeting Scheduled” – Phishing
  • “georgeryn3[@]gmail[.]com sent you files via WeTransfer” – Phishing
  • “RE: RE: shipping inquiry regarding order 30525045” – Phishing
  • “Thank you for purchasing from InsureandGo [LETTERS/NUMBERS]” Insurance Themed Phishing Emails
  • Office 365-themed Pony phishing e-mail
  • “Исковое заявление” and “Выписка” – Cobalt Group (aka Cobalt Gang)
  • “Parcel Delivery Notification” – Phishing
  • “NOVA MENSAGEM – 1275283” – Phishing
  • “ACHRemittance_TC_DP08065” Phishing Email
  • “Thank you for shopping with Amazon” – Phishing Email
  • “We Limited your Credit Card activities” – AmEx themed
  • “Account verification” – PayPal themed phishing
  • Apple Themed Phishing Campaign Targets Government Sector
  • “HOI Request” – Phishing
  • “Validation Secure Message” – Phishing
  • “RE: PROPOSAL” – Phishing
  • “secure message” – Whaling Attempt
  • “Delayed Delivery Note/TNT Week Celebration *****Happy Xmas in advance from us at TNT*****”- Pony (aka Fareit) Malware Campaign
  • WeTransfer Themed Malspam – Phishing
  • “Special Survey” – Phishing
  • “Info” – Fraudulent Wire Fraud Attempt
  • “INVOICE & BDN – M.V. CASPIAN SEA” – NetWire RAT malware campaign
  • “SV: Snabb Order #11122017” – Fraudulent wire fraud attempt against local CFO / Sweden
  • “Dokumente 87561314976 “- Emotet Phishing
  • “An_employee_has_been_terminated” – Kronos / ScanPOS Phishing E-mail
  • Extortion email threatening violence to staff member
  • “TNT-Shipping Documents” Phishing Email
  • “Separate Remittance Advice Layout – paper document A4” – Payment Themed Phishing E-mail
  • “Invoice RE-2017-12-12-00690” – Phishing
  • DocuSign-themed credential harvesting phishing email
  • “Invoice RE-2017-12-12-00690” – Phishing
  • “Failed invoice notice” – Phishing
  • “Fw: RFQ:A-19-002-150-E02” – NanoCore RAT Phishing Email
  • “Reconfirm Attached Invoice” – Predator Pain Keylogger Phishing Email
  • “Your DHL Parcel Tracking Number 8061132051697038 Has Arrived” – Phishing
  • “Internet Banking” – Phishing
  • “Your Copy” – Phishing
  • “New incoming fax from # – (Date)” – Fax-themed phishing emails
  • “Your current billing information”- Amazon Themed Phishing Email
  • Multiple Subjects – Payment Themed Emotet Phishing E-mails
  • “EA051217 PRICELIST and Request for Quotation” – Pony (aka Fareit) malware phishing email