November 3 - Fake “Statement” campaign
For the last week+, I have been getting these pdf “statement” emails - sometimes several a day. It’s starting to get ridiculous. All of us have been receiving them, including our general office email box. Until today, though, they have all been from senders using Chinese characters in the “from” and subject fields, and in the email text if there is any. Nobody here would get any legitimate emails in Chinese, so all of us just automatically ignore and delete them. (We get lots of rants about China/Taiwan issues from random people, so we get a few of them a week.) It’s also the first one flagged as “High Importance.” The “reply to” email is also completely different from the sender.
The attachments have all been named very similar to this one, with a date and the word “statement.” That they misspelled “statement” is new, I believe, although I may be mistaken. The date in the name of the file is usually the day you get the email or the next/previous day. The attachments are all .pfd files. This particular one had a 9/43 (20.9%) rate of detection at VirusTotal. Interestingly, the email was “Received: from deepin-f12c1fc0 (60-249-181-163.HINET-IP.hinet.net [126.96.36.199])” which was also used in a recent Chinese-language email about Gaddafi’s death posted by Contagio.
Originating IP: 188.8.131.52
- targetedemailattacks posted this