A new series of spam emails that targets computer users and attempts to infect them with a variant of the ZBOT trojan has been discovered.
The e-mail attempts to persuade a recipient to open an attachment and claims that the said attachment contains a payment confirmation for the recipient. However, the “TTcopy.zip” attachment contains a malicious “TTcopy_pdf.exe” file that, when executed, attempts to infect the system with malicious code.
The e-mail message contains the following “Subject” and “Message Body”:
Subject: TT copy of payment
Message Body:
Hello,
Kindly find attached TT copy of payment made to your account today as balance payment on behalf of your customer and the documents, pls sign/stamp and send back to me asap. Kindly confirm that the amount/bank details are correct as and the same with the one your colleague gave us to make payment with. I await your urgent confirmation and response.
Thanks and best regards.
Management.
If you come across such emails, DO NOT open the attachment. Instead, delete the email and keep your Quick Heal antivirus updated. Quick Heal detects the malicious attached file as TrojanSpy.Zbot.gfld; so our users are already protected.
We also recommend that users do not open such attachments in any other emails from unknown senders.
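For mail administrators, the lure described above (a zip attachment whose only content is an executable named like a document, as in "TTcopy_pdf.exe" inside "TTcopy.zip") can be checked for at the gateway. The following Python sketch is an added example, not Quick Heal's detection logic; the extension list, the lure pattern and the function names are assumptions, and the sample message is constructed with harmless placeholder bytes.

```python
import io, re, zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

EXEC_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs"}  # assumed list
# Document type spelled at the end of the base name: "TTcopy_pdf.exe", "invoice.pdf.exe"
DOC_LURE = re.compile(r"[._\- ](pdf|doc|docx|xls|xlsx|jpg|txt)$", re.I)

def scan_zip(data):
    """Return (member, reason) findings for the bytes of one zip attachment."""
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [("<archive>", "unreadable zip")]
    findings = []
    with zf:
        for info in zf.infolist():
            base = info.filename.rsplit("/", 1)[-1]
            stem, dot, ext = base.rpartition(".")
            if not dot or "." + ext.lower() not in EXEC_EXT:
                continue  # directories and non-executable members
            lure = "executable disguised as document" if DOC_LURE.search(stem) else "executable in archive"
            findings.append((info.filename, lure))
    return findings

def scan_message(raw):
    """Scan every zip attachment of a raw message; return (attachment, member, reason)."""
    msg = message_from_bytes(raw, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if name.lower().endswith(".zip") or part.get_content_type() == "application/zip":
            hits += [(name, m, r) for m, r in scan_zip(part.get_payload(decode=True))]
    return hits

def build_sample():
    """Constructed message shaped like the one in this post (placeholder payload)."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("TTcopy_pdf.exe", b"harmless placeholder bytes")
    msg = EmailMessage()
    msg["Subject"] = "TT copy of payment"
    msg.set_content("Kindly find attached TT copy of payment made to your account today")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="TTcopy.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(scan_message(build_sample()))
```

A gateway would typically quarantine any message for which `scan_message` returns a finding rather than deliver it.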
17 Comments
Thanks Anand for updating us with one more new scam
Thanks for suggestion
I get many such mails on a daily basis, and I have filtered them to go to the Spam folder, from where they are deleted without even opening. RBI has been warning all not to respond to such offers of winnings, legacies, etc. for they are but scams. I know of a couple of people who have been cheated out of their savings through such scams.
Recently Quick Heal started a campaign asking their users to forward to them sms/text messages informing of winnings in various promotion campaigns, lotteries. Ever since I forwarded 3 such messages, I have not received any. Thanks, Quick Heal!
Thanks…..
Doesn’t the Quick Heal have antivirus database for this type of virus? If there, is it updated hitherto?
Thanks for the post, recently one incident occurred at our place, one person already lost around rs. 120000 in such scam.
One more thing we can check that domain names of such mails, it is a common sense that any official mail regarding money or job can’t come from personal mail id. So be alerted…
Regards,
John
Thanks
Thanks, Anand, very useful suggestion, must be followed……
It is a nice information. So I am now not opening the attachments without scanned by Quick Heal, also this type of attachment never. Thank you Quick Heal teams.
Dear Sir,
Thanks for your alert. Keep up the good work.
M.Thiagarajan
Thanks for update!!
Your alerts are quite informative. Thanks for such information. I regularly get SMS on my mobile that your mobile number has won 1,00,000 pounds. Such SMS I used to delete without opening. My advice to all readers is that they must delete such messages if received on mobile or on email.
ok…
I continuously receive these so-called 'Mobile Prize winning' SMSs! Presumably from Nigerian scamsters! Spoke to certain Police Officers on a personal level, they don't seem to be bothered to track them down! Would Quick Heal be interested in these Fwd'd so that at least QH can then inform the rest of clients?? Any particular Mob/Email address to Fwd to?
Hi Minoo,
Yes you can forward such messages to +91-86000-44733.
Regards.
I too receive these SMSs especially on my BSNL sim. The other day sister also received it and was about to respond when I was able to stop her the last minute. People need to be aware about this. Why mobile operators do not filter them?
I also received one saying just:
re invoice attached.
I have not opened any attachments because, I don’t recognize the sender, but curiosity is a huge motivator to open.