Over the last week or so I’ve received two batches of slightly different DocuSign phishing attempts. They are typical “click a link in the email that downloads a malicious .doc you have to enable macros in” attacks, though the first time I’ve seen DocuSign as the bluff. Also somewhat interesting that these attacks seem to …
Tag Archives: vbscript
[DOMAIN]_contract
The following email was received by a client (email domain redacted to “<DOMAIN>”), with an attachment named “<DOMAIN>_contract.doc”: From: jiazw@neusoft.com [mailto:jiazw@neusoft.com] Sent: Wednesday, July 13, 2016 9:29 AM To: <EMPLOYEE NAME> Subject: Re: <DOMAIN> contract I have attached our contract. Please check it and let me know if you want to add any changes. Thank …
Re: unknown charge on my card
I received the following email from our address on a clients system (with their email domain name redacted): From: denise@chefspecialties.com [mailto:denise@chefspecialties.com] Sent: Thursday, June 16, 2016 6:36 AM Subject: Re: unknown charge on my card What is this $816.27 charge on my credit card? It shows this amount charged by <REDACTED DOMAIN NAME>. Please check …
letter.hta – Ransomware
This email was a reply to what seemed to be a completely legitimate email from a client. The email contained a password-protected .rar file named after the recipient (May have been passed using first & last name in unsuspecting senders contacts list?). The reply message: Hi, I attach a scanned copy of the letter to …