This week’s scam is an example of a common form of phishing – infected attachments.
Phishing emails often have links that take you to a spoof website where ultimately credentials and other personal information are stolen. But there is more than one way to skin a cat, and cybercriminals also use malware-infected attachments to infect your computer.
Phishing Email Attachments
A report by Trend Micro found that when infected attachments were used in phishing emails, the most likely way they were presented was as a purchase order, payments, invoice, or receipt. However, this week’s malicious attachment scam was none of those things.
The scam email received was a spoof Apple email. In fact, we received several of these emails, all with the same profile.
The email read like a reminder of a support issue about suspicious account activity.
Reminder 】【Summary Revision Account】: The latest issue of the account activity has been updated and received the mail Sat, August 31, 2019 6:23 PM [Fwd]
There was very little actual content in the email. This may seem counterintuitive – surely more content would be more engaging to the recipient? Perhaps not: a shorter, more succinct message might pique the recipient's interest and encourage them to open the attachment.
What is in a Malicious Attachment?
Malicious attachments, like the PDF in this Apple spoof email, generally contain malware. The malware types vary, depending on what the fraudster has rented from the rent-a-phishing kit mob. Trojans are popular malware for phishing attachments. Trojans can do all sorts of nefarious actions on your computer, from stealing your bank login credentials to turning your computer into a bot to then mine cryptocurrency.
Some malicious PDF attachments do not contain malware. Instead, they have phishing links that take you to a spoof website. If you enter personal details or login credentials they will be stolen by the fraudster behind the scam.
In this case, after analysis, we found that the malicious PDF in the spoof Apple email did contain malware, but this time we were unable to identify the specific malware variant.
What to Do If You Receive an Apple Email You Suspect is a Spoof
You should not click on any links or open any attachments in an email from ‘Apple’ that seems in any way suspicious.
If you genuinely have issues with your Apple account, enter the Apple URL into your browser directly to access your account or contact Apple.
After analysis, this particular scam seemed to be focusing on infecting Windows computers.
However, Apple computers are also at risk of a malware infection. If you have an Apple computer and use Safari to open emails, make sure that you have disabled the “open safe files after downloading” option in Safari Preferences/General.
If you use other browsers to access email you should also look at the preferences to ensure that on downloading a file, it does not automatically open.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
The Infected Attachment Apple Scam
A spoof Apple email that contains a malicious PDF attachment is being used to infect computers. The email is on the topic of suspicious account activity but has little text content. It contains an infected PDF attachment which could infect your computer.
DO NOT OPEN ANY ATTACHMENTS IN THIS EMAIL
For more information on what to do if you receive a phishing email check out “What to Do if You Click on a Phishing Link?”
Don’t forget to share this with your colleagues and friends and help them stay safe.