I received a rather official-looking company email today informing me of “New Outlook Settings” from the “Administrator”.
Inspecting this email further, I opened it and found the following message with an attachment (Outlook.zip):
"Please carefully read the attached instructions before updating settings. This file either contains encrypted master password, used to encrypt other files. Key archival has been implemented, in order to decrypt the file please use the following password: PaSdIaoQ This e-mail and / or any attachment(s) is intended solely for the above-mentioned recipient(s) and it may contain confidential or privileged information. If you have received it in error, please notify us immediately at helpdesk@******.com and delete the e-mail. You must not copy it, distribute it, disclose it or take any action in reliance on it. "
This sounds very technical, right!? It must be a real email, right? Unfortunately, this is a fake email intended to get an unsuspecting computer user to open the Outlook.zip attachment and install a virus or backdoor onto their computer. Many emails circulating on the Internet claim to be something they are not, and are in fact computer viruses waiting for an unsuspecting victim to open the attachment and install the virus onto the victim's computer.
I looked at the actual email header and noticed the first line, Return-Path, was set to fraud@a**p.com and the email originated from an Indian broadband company that provides “Prepaid Postpaid Mobile Services”. That is definitely not the company email server at all.
Here is the email header:
"Return-Path:
X-Original-To: myuser@*******.com
Delivered-To: myuser@*******.com
Received: from ABTS-North-Dynamic-***.***.***.***.a**********d.in (unknown [*.*.*.*]) by mail.********.com (Postfix) with ESMTP id 93E0CDCB4D4 for ; Tue, 12 Nov 2013 10:20:37 -0600 (CST)
Received: from outlook530.*******.com (*.*.*.*) by *******.com (*.*.*.*) with Microsoft SMTP Server (TLS) id 9GGUFI93; Tue, 12 Nov 2013 21:15:39 +0530
Received: from outlook5199.*******.com (*.*.*.*) by smtp.*******.com (*.*.*.*) with Microsoft SMTP Server id ******; Tue, 12 Nov 2013 21:15:39 +0530
Date: Tue, 12 Nov 2013 21:15:39 +0530
From: "Administrator
Message-ID:
To:
Subject: Important - New Outlook Settings
MIME-Version: 1.0
Content-Type: multipart/mixed;
Content-Type: application/zip; name="Outlook.zip"
Content-Transfer-Encoding: base64
Content-Disposition: attachment; filename="Outlook.zip""
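The header checks described above (Return-Path versus From, and which host actually handed the message to the receiving mail server) can be scripted. This is an added example, not part of the original post; the sample message, every host name and address in it, and the `triage` helper are constructed placeholders, and it assumes the From address claimed the company's own domain.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample modelled on the header above; all names are placeholders.
SAMPLE = """\
Return-Path: <fraud@mailer.example.net>
Received: from dyn-host.isp.example.in (unknown [203.0.113.7])
 by mail.corp.example.com (Postfix) with ESMTP id 0000000000;
 Tue, 12 Nov 2013 10:20:37 -0600 (CST)
Received: from outlook530.corp.example.com (192.0.2.10)
 by corp.example.com (192.0.2.11) with Microsoft SMTP Server (TLS)
From: "Administrator" <administrator@corp.example.com>
Subject: Important - New Outlook Settings
Content-Type: application/zip; name="Outlook.zip"
Content-Disposition: attachment; filename="Outlook.zip"

(attachment body omitted)
"""

def domain_of(value):
    # Lower-cased domain part of the address in a header value ('' if none).
    return parseaddr(value or "")[1].rpartition("@")[2].lower()

def in_domain(host, org):
    return host == org or host.endswith("." + org)

def triage(raw, org_domain):
    """Return findings for one raw message; org_domain is our own mail domain."""
    msg = message_from_string(raw)
    findings = []
    rp, frm = domain_of(msg["Return-Path"]), domain_of(msg["From"])
    if rp and frm and rp != frm:
        findings.append(f"Return-Path domain {rp} differs from From domain {frm}")
    # Only the topmost Received line was written by our own server; the ones
    # below it were supplied by the sending side and can be forged.
    received = msg.get_all("Received") or []
    m = re.match(r"\s*from\s+(\S+)\s+\((\S+)", received[0]) if received else None
    if m:
        helo, rdns = m.group(1).lower(), m.group(2).lower()
        if in_domain(frm, org_domain) and not in_domain(helo, org_domain):
            findings.append(f"claims internal sender but was delivered by {helo}")
        if rdns == "unknown":  # Postfix could not verify the client's hostname
            findings.append("delivering host has no verified reverse DNS")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith((".zip", ".rar", ".7z")):
            findings.append(f"archive attachment: {name}")
    return findings
```

Calling `triage(SAMPLE, "corp.example.com")` returns four findings for the constructed message; a message that arrived from a host inside the organisation's domain with a matching Return-Path would be flagged only for its archive attachment.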
This email looks very important, technical, and official, and could easily be mistaken for an important company email or an important email from an email service provider; however, it is SPAM with a virus attachment and should NOT be opened.
If you receive this email or a similar email, do not download or open the attachment.
If you opened this email by accident, you should bring your computer into South City Computer, or to a local computer repair store near you today for a full computer virus scan and removal or computer restore services.