Tuesday, 17 December 2013

It's a Fake and contains malicious code - FW: Corporate eFax message from +44 20 4272-5400 - 5 pages

Just got this one in... it had an attachment called eFax322767887D.zip which contains an executable file, either a virus or a phishing scam.
eFax Corporate 

You have received 5 pages fax at Tue, 17 Dec 2013 07:39:00 -0200.
*The reference number for this fax is efax_corp-322767887D.

Check the attached file for more information.

Please visit www.efaxcorporate.com/corp/twa/page/customerSupport if you have any questions regarding this message or your service.

You may also e-mail our corporate support department at corporatesupport@mail.efax.com.

Thank you for using the eFax Corporate service!

(c) 2013 j2 Global, Inc. All rights reserved.
eFax Corporate is a registered trademark of j2 Global, Inc. 

-----Original Message-----
From: eFax Corporate [mailto:noreply@efax.com]
Sent: 17 December 2013 09:39
To:  **** 
Subject: Corporate eFax message from +44 20 4272-5400 - 5 pages

Latest Scam eMails brought to you by MarketUK - Free Classifieds


Beware - Virus warning - FW: HMRC: Important Information for Employers

This is NOT a scam email, it is a Virus transporter.... if you get this in your email, DO NOT open any attachments that arrive with it, it is NOT from HMRC
Employer Bulletin Issue 45 out now

The latest version of the Employer Bulletin issue 45 has just been published.
This edition contains the latest information about filing your PAYE information in real time.

To find out more open the attached document(s)

Your next employer email alert is scheduled for February 2014

*** Please do not respond to this email

If you have any concerns regarding the validity of this or any emails received from HMRC go to our Online Security pages for more information by using the web address below.

-----Original Message-----
From: HMRC Employer Alerts [mailto:employers@alerts.hmrc.gov.uk]
Sent: 17 December 2013 15:08
To: *****
Subject: HMRC: Important Information for Employers



The only Purpose is to SCAM!!! - FW: My purpose of contacting you

Oh, and there was no attached message, ho hum!!
From the Desk of Mr. Edward Kong
Vice President & Branch Manager:
Industrial and Commercial Bank of China (USA) NA
Flushing Branch
39-02 Main Street
Flushing, NY 11354, USA
Dear friend,
I am Mr. Edward Kong, the Vice President and Branch Manager of Industrial and Commercial Bank of China (USA), Flushing Branch Flushing New York, USA. I write to seek your consent to carry out a transaction that would be highly beneficial to both of us. I know you may be wondering why I am contacting you for this despite all the friends and relations that I have but I decided to do this with an unknown person to avoid any form of blackmail in the future.  Mr. Alvin Peter Kappelmann Jr was an account holder with my bank. I have been his account officer for 9 years before his death. He died during the World Trade Centre bombing in September 11 2001. KINDLY OPEN THE ATTACHED MESSAGE. 
-----Original Message-----
From: Mr. Edward Kong [mailto:edwardkong24@yahoo.co.uk]
Sent: 16 December 2013 00:13
To: undisclosed-recipients:
Subject: My purpose of contacting you


Latest Scam eMails brought to you by MarketUK - Free Classifieds

Is this the worst scam attempt we've seen?.... Possibly! - FW: Notification

They want yu to contact them for 'more informations' - Guess they've been lolcats!! They've even tried adding a virus scan message!

The sum of Three Hundred Thousand Dollars USD has been deposited here in WESTERN UNION OFFICE by the United Nations Organization.Kindly contact us for more informations.

Contact Email: wumtdept@itbox.ro

Mr.Jack Brown
Customer Service
Western Union Office®

This message has been scanned for viruses and
dangerous content by MailScanner, and is
believed to be clean.

-----Original Message-----
From: ""Western Union Office®" <secdf@jfrs.gov.br>"@email.jfrs.gov.br [mailto:"=?utf-8?b?Ildlc3Rlcm4gVW5pb24gT2ZmaWNlwq4iIDxzZWNkZkBqZnJzLmdvdi5icj4=?="@email.jfrs.gov.br]
Sent: 14 December 2013 15:58
To: Recipients
Subject: Notification


Sunday, 15 December 2013

Lots of facebook scams about, they're all similar and ALL scams.

This one is typical of dozens we are seeing today... sent to facebook users



A Copy of Our PRODUCT AWARD NOTIFICATION LETTER is Attached for your Immediate Perusal and to Congratulate you on emerging the Second (2rd) prize winner in our Facebook Users and Customers award for 2013 .You are advised to contact the Facebook Payment Consultant immediately. Congratulations from the Staffs & Members of Facebook Social Networking United Kingdom.

Steve Hatch

Facebook Regional Director U.K

©Facebook 2013

Friday, 13 December 2013

NOT From T-Mobile - FW: T-Mobile MMS Service

This one contains a zip file called 'T-Mobile_voice_890D14E2CDA71148B15.zip' - In the zip file is an executable file, not the message you're supposed to get. It may be a virus or a phishin scam but we weren't prepared to find out which - AVOID it!
The original email is very short and sweet -
This e-mail contains a voice message.
Download and listen to message in attached file.

Passcode: D04B1911F9B8 


-----Original Message-----
From: T-Mobile [mailto:mdsx978a0@portamonkey.com]
Sent: 13 December 2013 14:42
To: ************
Subject: T-Mobile MMS Service



NOT from British Airways - FW: Your flight ticket number: #06E48DC938

This email is NOT from British Airways and comes with an attachment - DON'T open it!!
WARNING: An attachment has been removed by the ClamWin AntiVirus Scanner because it appears to contain a virus.


Dear  **** 

Your flight ticket number: #06E48DC938 is not activated yet!

In order to activate the ticket (confirming your identity) please download the attachment and follow the instructions.

Please print the confirmation and present it at the check-in point at the airport.



British Airways Plc, Waterside, PO Box 365,
UB7 0GB.

Registered in England: 1777777. VAT number: 222452988. Member of IATA & AEA.


 -----Original Message-----
From: British Airways Online [mailto:no-reply@britishairways.com]
Sent: 13 December 2013 12:26
To:  **** 
Subject: Your flight ticket number: #06E48DC938


Wednesday, 11 December 2013

Not from FedEx - FW: Shipping Confirmation

This is a phishing scam and does not lead to a FedEx site 


Dear  (email removed)   

We have a package for you!
Unfortunately some important information is missing to complete the delivery.
Please follow the link to verify your identity:

verify your identity now!

You have 24 hours to compleate the verification! Otherwise the package will be returned to sender!

Order confirmation number: 0353839735

Order date: 03/12/2013

Thank you for choosing FedEx.


This message has been sent by an auto responder system. Please do not reply to this message.

The content of this message is protected by copyright and trademark laws under U.S. and international law.
Review our privacy policy. All rights reserved.


 -----Original Message-----
From: Fedex [mailto:noreply@fedex.com]
Sent: 11 December 2013 06:56
To:  ****************************** 
Subject: Shipping Confirmation 




Be Carefu;!! FW: Someone you?re acquainted with has just sent you a photo

This is NOT from WhatsApp and the original attachment contained a virus!! 


Someone you know has just sent you a photograph in WhatsApp. Open attachments to see what it is.
? 2013 WhatsApp Inc

-----Original Message-----
From: WhatsApp [mailto:{messages@whatsapp.com}]
Sent: 11 December 2013 13:16
To: ***********************
Subject: Someone you?re acquainted with has just sent you a photo

IMG003299.zip: Trojan horse Generic_s.CKU
Checked by AVG - www.avg.com
Version: 2013.0.3462 / Virus Database: 3658/6909 - Release Date: 12/10/13

Tuesday, 3 December 2013

NOT from Mastercard - FW: Important notification for a Mastercard holder

Comes with an attachent similar to yesterday's Royal Mail post... this one's called MasterCard_EE4046DC31.zip - DO NOT OPEN



Important notification for a Mastercard holder!

Your Bank debit card has been temporarily blocked

We've detected unusual activity on your Bank debit card . Your UK Bank debit card has been temporarily blocked, please fill document in attachment and contact us

About MasterCard Global Privacy Policy Copyright Terms of Use

 © 1994-2013 MasterCard

-----Original Message-----
From: MasterCard [mailto:qfirmgmj@telepac.pt]
Sent: 03 December 2013 13:12
To: mark
Subject: Important notification for a Mastercard holder 

Monday, 2 December 2013

Virus Warning - FW: Mail - Lost / Missing package

Not from Royal Mail - Attachment is a zip file called 'Royal-Mail_0BFC68313B.zip' with an exe file in it! Don't open it.

Please share and help others.

 Royal Mail

Mail - Lost / Missing package - UK Customs and Border Protection

Royal Mail has detained your package for some reason (for example, lack of a proper invoice, bill of sale, or other documentation, a possible trademark violation, or if the package requires a formal entry) the RM International Mail Branch holding it will notify you of the reason for detention (in writing) and how you can get it released.

Please fulfil the documents attached.

Home | A-Z of Services | Help & support | Business help & support | Contact us | Mailing tools | Jobs

----Original Message-----
From: Royal Mail Group [mailto:taqxxmiamr@jazztel.es]
Sent: 02 December 2013 15:29
To: mark
Subject: Mail - Lost / Missing package


Find us on Facebook