Notification of Vehicle Tax DD Payment Schedule (Ref: 000000-000005-274421-001) FG08OEE.doc macro malware.
These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet.
It's not advised to ring them as there won't really be anything they can do to help you.
Header:
From: directdebit@taxdisc.service.gov.uk
Subject: Notification of Vehicle Tax DD Payment Schedule (Ref: 000000-000005-274421-001)
Message Body:
Important: Confirmation of your successful
Direct Debit instruction
Dear customer
Vehicle registration number: FG08OEE
Thank you for arranging to pay the vehicle tax by Direct Debit.
Please can you check that the details attached below, and your payment
schedule are correct.
If any of the above financial details are incorrect please contact your bank
as soon as possible.
However, if your details are correct you don’t need to do anything and your
Direct Debit will be processed as normal. You have the right to cancel your
Direct Debit at any time. A copy of the Direct Debit Guarantee is included with
this letter.
For your information, the collection will be made using this reference, and
this is how your payment will be detailed on your bank statements:
- DVLA Identifier: 295402
- Reference: FG08OEE
Your vehicle tax will automatically renew unless you notify us of any
changes. We will send a new payment schedule at the time of renewal.
Yours sincerely
Rohan Gye
Vehicles Service Manager
Attachment:
FG08OEE.doc
Sha256 Hashes:
25e247c71cd4a50f5c97e3b69807faa5ac048da050c0180fd881f75d1577fe66 [1]
369c3e84e9a288b3f2df0672c3dd2eaa208c9d2e6ac10c36a04b9e3ff52f8b4d [2]
404a73f3cb148dfdd1e75aa498c7a8098352f4014eedf50c77db2c299bf70f24 [3]
a97b05797f326e8e8ba79f12d15a523096be31b13c19d7569b82995b957616ec [4]
fe9097d91e65bd70b4ae777e8fbdb139d39f0baadeca4ab40e9b584b002a2f1d [5]
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/57)
VirusTotal Report: [2] (detection 4/57)
VirusTotal Report: [3] (detection 4/57)
VirusTotal Report: [4] (detection 4/57)
VirusTotal Report: [5] (detection 4/57)
NOTE
The current round of Word/Excel/XML attachments is targeted at Windows users.
Apple and Android software can open these attachments and may even manage to run the macro embedded inside the attachment.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
Currently these attachments try to auto-download Dridex, which is designed to steal login information for your bank accounts (by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).
Cheers,
Steve
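Added example (not part of the original post): a heuristic Python check for the macro-bearing Word/Excel/XML attachment types described in the note above, so that such files can be held before they reach a Windows user. The function name and all sample bytes are constructed for illustration; the markers checked are the OLE2 `_VBA_PROJECT` stream name, the OOXML `vbaProject.bin` part, and the Word 2003 XML `w:macrosPresent` and `editdata.mso` markers.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # OLE2 container (.doc/.xls)

def attachment_findings(data: bytes) -> list[str]:
    """Heuristic reasons to quarantine an Office-style attachment."""
    findings = []
    if data.startswith(OLE_MAGIC):
        # OLE directory entry names are stored as UTF-16LE.
        if "_VBA_PROJECT".encode("utf-16-le") in data:
            findings.append("OLE2 file with a _VBA_PROJECT stream")
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for member in zf.namelist():
                    if member.lower().endswith("vbaproject.bin"):
                        findings.append(f"OOXML package contains {member}")
        except zipfile.BadZipFile:
            findings.append("ZIP signature but unreadable archive")
    else:
        # Word 2003 XML and MHTML documents carry macros as text-encoded parts.
        lowered = data.lower()
        if b'macrospresent="yes"' in lowered:
            findings.append("Word 2003 XML declares w:macrosPresent")
        if b"editdata.mso" in lowered:
            findings.append("embedded editdata.mso macro container")
    return findings

def sample_docm() -> bytes:
    """Build a constructed, harmless ZIP that only mimics a .docm layout."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()

# Constructed sample inputs (not real attachments from this campaign).
SAMPLES = {
    "ole_with_vba.doc": OLE_MAGIC + b"\x00" * 64 + "_VBA_PROJECT".encode("utf-16-le"),
    "ole_plain.doc": OLE_MAGIC + b"\x00" * 64 + "WordDocument".encode("utf-16-le"),
    "macro.docm": sample_docm(),
    "word2003.xml": b'<w:wordDocument w:macrosPresent="yes">'
                    b'<w:binData w:name="editdata.mso">AAAA</w:binData></w:wordDocument>',
    "notes.txt": b"payment schedule",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(name, "->", attachment_findings(blob) or "no macro indicators")
```

These are string-level heuristics: a clean result does not prove a file is safe, and a hit only means the file should be inspected before anyone opens it.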
12 comments:
Just received one of these emails at 08:47 this morning. Thanks for the information confirming my suspicions.
I received such an eMail today - we are a Czech company. Thanks for confirming my suspicions.
Received two of these emails at 8.49 and 10.04. Thanks for the post confirming this scam.
Many thanks for the update - there are a load of tossers out there.
Clive
Thanks for this. I got the exact same mail 5 minutes ago and was immediately suspicious but there was nothing in the mail headers suggesting it was anything other than a mistake from the DVLA. Thankfully it's always possible to revoke a DD instruction even if the mail had been genuine!
Just got this email, Thanks for the information you posted here, I grew suspicious and browsed the internet for this and I found your post here, thanx
The source IP address is Bangalore, India.
I received two of these emails this morning and am pleased I googled them to check if this was a current scam. Thanks for the confirmation and I just deleted the emails.
Phil
They need a geography lesson I live in Ireland stupid scammers
For extra protection against these scams and others it would be wise to install Trusteer Rapport. This runs alongside other security programs and prevents key logging, among other things. You can download it from your bank's website.
When you receive three of these emails your suspicions are raised, and as usual when I'm not sure I check it out on the Internet. Thanks for confirming my suspicions.
By a complete coincidence, I had just bought a car when I received the scam DVLA email. I checked it out by pasting some of the text into google and your site came up - thank you!