[Bglug] Phishing attempt? Virus payload via MS Office macro?
pjr at bmts.com
Thu Nov 21 19:11:05 EST 2019
Earlier this week I received an email, ostensibly from 'Canada Post'
claiming there was a missed package delivery, presumably at my home. It
had the logos etc and it was addressed to me, pjr at bmts.com. But the
tracking number in the email was blank.
There was no record at the local post office of such a package nor was a
'door hanger' left on our front door to signify someone from CP had
tried to deliver a package.
The email included an attachment which, when I tried to open it, was
gibberish - reminded me of a postscript file. It had a filename xxx.doc.
The instructions at the top of the page said I should open it with MS
Office as it was encrypted. I should have been suspicious immediately as
there was no tracking number on the email. The alarm bells did not ring!
As I do not have MS Office, I could not open the file.
I got much more suspicious when I tried to forward it, to see if there
was a package as the email also had others in the headers. The outgoing
email was returned to me by the mail agent because
host mail.xxxxx.ca[188.8.131.52] said: 550-This message
contains a virus or other harmful content 550
(in reply to end of DATA command)"
In summary then, perhaps this was some kind of scam, a phishing attempt,
or perhaps opening the attachment to 'decrypt' it would install a virus.
MS Office does macros, doesn't it?
For your information, as some would say.
Two things are infinite: the universe and human stupidity; and I'm not sure about the universe. - Albert Einstein