DoNotReply@ikea.com Thank you for your order! IKEA receipt 607656390.doc macro malware.
These emails aren't from these companies at all; the company names are just being used to make the email look more genuine, i.e. as if it came from a real company.
Note
It's also worth remembering that the company itself may not have any knowledge of this email and its link(s) or attachment, as it won't have come from their servers and IT systems but from an external botnet, and these emails normally have faked email headers/addresses.
It's not advised to ring them as there won't really be anything they can do to help you.
Header:
From: DoNotReply@ikea.com
Subject: Thank you for your order!
Message Body:
Order acknowledgement:
To print, right click and select print or use keys Ctrl and P.
Thank you for ordering with IKEA Shop Online. Your order is now being processed. Please check your order and contact us as soon as possible if any details are incorrect. IKEA Customer Relations, Kingston Park, Fletton, Peterborough, PE2 9ET. Tel: 0203 645 0015
Total cost: £122.60
Delivery date: 30-10-2015
Delivery method: Parcelforce
We will confirm your delivery date by text,email or telephone within 72 hrs.
Order/Invoice number: 607656390
Order time: 8:31am GMT
Order/Invoice date: 30-10-2015
Legal information
Please note that this email does not mean that we have accepted your order and it does not form a binding contract. A contract will be formed between You and IKEA at the time we dispatch your order to you, with the exception of made to order sofas and worktops where order acceptance occurs at the point when we send you our Delivery Advice email.
Attachment:
IKEA receipt 607656390.doc
SHA-256 hashes:
03626c8036299e08b705f193337d44934ee45ddc373a368c71e8ef073ec674e8
92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8
Malware Virus Scanner Reports:
VirusTotal Report: [1] (detection 4/56)
VirusTotal Report: [2] (detection 4/56)
Sanesecurity sigs (phish.ndb) detected this as:
Sanesecurity.Malware.24819.MacroHeurGen.Hp
Sanesecurity sigs (badmacro.ndb) detected this as:
Sanesecurity.Badmacro.BadDoc.Fmt.Shell
NOTE
The current round of Word/Excel/XML/Docm attachments are targeted at Windows users.
Apple and Android mobiles/tablets can open these attachments and may even manage to run the macro embedded inside the attachment, but they will be safe.
The auto-download file is normally a Windows executable and so will not currently run on any operating system apart from Windows.
However, if you are an Apple/Android user and forward the message to a Windows user, you will then put them at risk of opening the attachment and auto-downloading the malware.
These Word/Excel attachments try to download either...
... both of which are designed to steal login information regarding your bank accounts (either by key logging, taking automatic screenshots or copying information from your clipboard (copy/paste)).
Cheers,
Steve
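A triage check built from the indicators in the post above, as an added example that is not part of the original post: it flags a message that claims to be from ikea.com, whose envelope sender does not match that domain, that carries a macro-capable Office attachment, or whose attachment matches one of the two listed SHA-256 values. The names `triage` and `build_sample`, the `bounce.example` sender, the extension list and the Return-Path comparison are assumptions for illustration; a Return-Path mismatch is only a hint, since legitimate bulk mail can differ there too.

```python
import hashlib
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr
# SHA-256 values this post lists for "IKEA receipt 607656390.doc".
KNOWN_SHA256 = {
    "03626c8036299e08b705f193337d44934ee45ddc373a368c71e8ef073ec674e8",
    "92f733da9ba440f0632b495a32742d47a5cb296f49127f210e14de412e371bf8",
}
SPOOFED_DOMAIN = "ikea.com"
# Assumed extensions for the Word/Excel/XML/Docm attachment types the post names.
MACRO_CAPABLE_EXT = (".doc", ".docm", ".xls", ".xml")
PLACEHOLDER = b"constructed placeholder bytes, not a real document"

def build_sample() -> bytes:
    """Constructed message imitating the lure; bounce.example is a made-up sender."""
    m = EmailMessage()
    m["Return-Path"] = "<relay@bounce.example>"
    m["From"] = "DoNotReply@ikea.com"
    m["Subject"] = "Thank you for your order!"
    m.set_content("Order acknowledgement (constructed body)")
    m.add_attachment(PLACEHOLDER, maintype="application", subtype="msword",
                     filename="IKEA receipt 607656390.doc")
    return m.as_bytes()

def triage(raw: bytes, known=KNOWN_SHA256) -> dict:
    """Return which of the post's indicators a raw RFC 5322 message matches."""
    msg = message_from_bytes(raw, policy=policy.default)
    hdr = msg["From"]
    from_dom = hdr.addresses[0].domain.lower() if hdr and hdr.addresses else ""
    env_dom = parseaddr(str(msg.get("Return-Path", "")))[1].rpartition("@")[2].lower()
    result = {
        "claims_spoofed_domain": from_dom == SPOOFED_DOMAIN,
        "envelope_mismatch": bool(env_dom) and env_dom != from_dom,
        "macro_capable": [],
        "hash_hits": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(MACRO_CAPABLE_EXT):
            result["macro_capable"].append(name)
        digest = hashlib.sha256(data).hexdigest()
        if digest in known:
            result["hash_hits"].append((name, digest))
    return result

if __name__ == "__main__":
    print(triage(build_sample()))
```

The constructed sample does not hash to either listed value, so `hash_hits` stays empty for it; the header and attachment-type checks still fire.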
19 comments:
I have just received one this morning - saw your post so will be deleting pronto
Thanks
received one here this morning as well (28/10/15). email looks very realistic
Thanks for the good advice Steve. Much appreciated.
I have just received one too - it certainly does look very genuine from Ikea - all the right logos and details. I wondered if my husband had ordered my Christmas present - but it is far too early so very unlikely.
Thanks for the info, I might well have opened the attachments for this.
Received the same one, cheers
Thanks for such prompt advice keep up the great work
I have also just received one this morning, thanks for the heads up.
I received this email today with attachment. When viewing the message source this appears to be an IKEA internal scam as the source email address is @ikea.com - So I suspect there is a rogue IKEA employee with a grudge. Same like TALKTALK mess. Pity Sweden will not get to receive all the phone calls from anxious public.
The order amount looks very similar to a recent collected order so I checked for spelling mistakes and authenticity of customer service number. This is a brilliant spoof!
If I don't download anything can they still get into my account from just looking at email?
I have just received one too. Thx for the heads up
Do I need to have clicked on something to be scammed or just by opening it?
Received this email this morning too, as did my wife. It's very realistic. Thanks for the advice
Chris P
Ditto got one now - thanks for the alert
Thanks for heads up got 1 this am
I received one and opened the attachment like an idiot on a work laptop. IT seem to think I'm protected, but changed all my banking passwords in case!
Hi,
I opened the attachment, so am I at risk now?
Good morning,
Received one forwarded from a society website where I have an email address as an officer of the society. I wouldn't dare order anything on the society without authorisation! ;-)
I also received this one. Thanks for your advice.
Received one of these yesterday, and your post confirmed my suspicions about the file attachment. Many thanks for this - very useful.