Today I got this scam email below. I Googled some of the text in the document and found this good article here about the dangers of opening the file that was sent to me:
https://myonlinesecurity.co.uk/spam-malware-scan-d34d94c50b_d8b8aad5ba-hp-scanjet-pretending-to-come-from-your-own-domain/
Regarding the email that was sent to me, the 'from' address was:
qwer0@bridgecatalog.com
Note: that is MY domain name, but they spoofed it so that it looks like it came from my server. It didn't. It really came from here: alshamil.net.ae / etisalat.ae. That's a Middle Eastern email provider.
///////////////////////////////////////////////////////
Subject line:
Scan #B545F39BB7_CA32312544
///////////////////////////////////////////////////////
Body of message:
Scanner:
Scanner id: B545F39BB7_CA32312544
Scanner Program: HP Scanjet 300 Flatbed Scanner
Software ver. #8901766876.#92274432.#0092133
File: MSG0008789308
To: [my email address]
------------------------------------------------------------
Save time with fast scanning speeds and intuitive controls.
Set up quickly, using a single cable. Enjoy high-resolution
document detail. One-touch scan-to buttons let you start
working and sharing fast. Place this compact scanner almost
anywhere.
------------------------------------------------------------
///////////////////////////////////////////////////////
The attached malware file is named:
msg0008789308.docm
///////////////////////////////////////////////////////
Here is the raw header:
Content-Type: multipart/mixed; boundary="------------039084853536147527459673"
Mime-Version: 1.0
X-Smartermail-Spam: SPF_SoftFail, Spamhaus - PBL2, UCEProtect Level 2, Commtouch 0 [value: Unknown], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None
Return-Path:
Return-Path:
Received: from bba429025.alshamil.net.ae (bba429025.alshamil.net.ae [83.110.239.19]) by pacu.viviotech.net with SMTP; Thu, 19 May 2016 08:50:53 -0400
X-Smartermail-Totalspamweight: 19
X-Ctch-Refid: str=0001.0A090203.573DB6A5.00EF,ss=1,re=0.000,recu=0.000,reip=0.000,cl=1,cld=1,fgs=0
Message-Id:
SPAM-MED: Scan #B545F39BB7_CA32312544
When I put in that domain (alshamil.net.ae, the true sender of this message), I'm redirected to this site:
http://www.etisalat.ae/nrd/en/index.jsp
Do not open the above message or any messages that resemble it.
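As an added example (not part of the original post): a short Python check that reads the header lines quoted above and reports why the message did not come from the domain in its From address. The From line is rebuilt from the address the post quotes, and the function name `analyze` and the finding strings are made up for this illustration.

```python
import re
from email import message_from_string

# Header lines copied from the post. The From line is rebuilt from the address
# the post quotes, because the raw dump above does not include it.
RAW = """\
From: qwer0@bridgecatalog.com
X-Smartermail-Spam: SPF_SoftFail, Spamhaus - PBL2, UCEProtect Level 2, Commtouch 0 [value: Unknown], ISpamAssassin 0 [raw: 0], DK_None, DKIM_None
Received: from bba429025.alshamil.net.ae (bba429025.alshamil.net.ae [83.110.239.19]) by pacu.viviotech.net with SMTP; Thu, 19 May 2016 08:50:53 -0400
X-Smartermail-Totalspamweight: 19

"""

# "from <HELO name> (<reverse-DNS name> [<IP>]) by <receiving server>"
RECEIVED_RE = re.compile(r"from\s+(\S+)\s+\((\S+)\s+\[([0-9A-Fa-f.:]+)\]\)\s+by\s+(\S+)")

def analyze(raw):
    msg = message_from_string(raw)
    from_domain = msg["From"].rsplit("@", 1)[-1].strip("> ").lower()
    # The topmost Received line was written by the recipient's own server,
    # so the connecting IP in it is trustworthy, unlike the From address.
    match = RECEIVED_RE.search(msg.get_all("Received")[0])
    _helo, relay_host, relay_ip, received_by = match.groups()
    verdicts = [v.strip() for v in msg.get("X-Smartermail-Spam", "").split(",")]

    findings = []
    host = relay_host.lower()
    if host != from_domain and not host.endswith("." + from_domain):
        findings.append("relay host is outside the From domain")
    if any(v.startswith("SPF_") and "Fail" in v for v in verdicts):
        findings.append("SPF did not pass for the relay IP")
    if "DKIM_None" in verdicts:
        findings.append("no DKIM signature")
    if any(v.startswith(("Spamhaus", "UCEProtect")) for v in verdicts):
        findings.append("relay IP is on a blocklist")
    return {"from_domain": from_domain, "relay_host": relay_host,
            "relay_ip": relay_ip, "received_by": received_by, "findings": findings}

if __name__ == "__main__":
    report = analyze(RAW)
    print(f"From claims {report['from_domain']}, but {report['received_by']} "
          f"received it from {report['relay_host']} [{report['relay_ip']}]")
    for finding in report["findings"]:
        print(" -", finding)
```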