People have reported receiving ‘terror alert’ emails that claim to be from law enforcement agencies in several locations around the world, including Canada, Dubai, Bahrain, and Turkey. The emails are signed with the names of real law enforcement officials at the specified agencies. They claim that a terror alert has been issued for your business area and advise you to ‘keep yourself, your company and your family secured’ by following the protective measures contained in an attached file.
The emails are apparently targeted at specific companies and often include the name of a company staff member in the subject line and body of the email. A blog post about the threat on the Symantec Security response website notes:
Interestingly enough, despite not being entirely written in the countries’ respective official languages, the emails are pretty crafty. All officials used in the cybercriminals’ scheme are currently in office. The subject in most cases reflects the name of an employee who works for the targeted company. All these details show that the crooks did some research before sending these phishing emails. If they do not have any employee information, then they would email other targets in the company that could provide them an entry point, such as customer service representatives or IT department personnel.
The emails generally contain two attachments. One is a harmless PDF designed to act as a decoy. The second attachment is an archive file that harbours a trojan. Once installed, the trojan may download further malware and allow criminals to access and control the compromised computer.
This threat appears to be ongoing. Further versions purporting to be from yet more law enforcement agencies may follow. Be wary of any email that claims to contain information about a terror alert either in an attached file or via a link.
EXAMPLE:
From: Department of National Defence Canada
Subject: SECURITY TIPS FOR [Recipient’s name removed]Department of National Defence
Counter Terrorist unit
TO: [Recipient’s name removed]
Sir,
We got a terror alert regarding your business area.
Be advised to follow the protective measures (SECURITY TIPS) as attached to keep yourself, your company and your family secured,
Best regards,
[Name Removed]
Deputy Minister Responsible
Counter Terrorist unit
Ontario, Canada,
[Other address details removed]
Last updated: November 24, 2015
First published: November 24, 2015
By Brett M. Christensen
About Hoax-Slayer
References
Backdoor.Sockrat
Terror-alert spam targets the Middle East, Canada to spread malware
Original Source : https://www.hoax-slayer.net/fake-terror-alert-emails-contain-malware/