November 23, 2009
Email Account Deactivation Warning, and Facebook Password Reset Confirmation
Watch For Scams is dedicated to helping you avoid becoming a victim of fraud.
If you like this ezine, do a friend a big favor and forward this to them. If a friend forwarded this to you, and if you like what you read, please subscribe by visiting the link below:
Email Account Deactivation Warning, and Facebook Password Reset Confirmation
The Email Account Deactivation Warning email advises you that your email account has been deactivated due to unusual activity being detected.The email instructs you to extract and run an attached "mailbox utility", supposedly in order to restore your email service.
The email however is not from your ISP or hosting company and the attachment does not contain a mailbox utility. In fact, if you open the attachment, it will install a copy of the Mal/EncPk-LP trojan on your computer.
The email messages use fake sender addresses to make it look like they originate from your service provider [if your email address was yourusersname@provider.com, the malware email will arrive with an address like automailer@provider.com and will also end with a line such as "best regards, provider.com technical support"].
This is done to trick more people into opening the email by trying to look legitimate.
The Facebook Password Reset Confirmation email states that your password has been changed as a security measure, and that your new password is in the attached document.
The goal of the email is to get you to open the document to read your new password, and if you do this, you will in fact be launching a copy of the Bredolab Trojan. Once installed, this trojan is able to download and install other malware components such as keyloggers and password stealers and allow Internet criminals to control your computer from the other side of the world.
If you receive an email like this or the one above, don't open any attachments or click on any links in the message. It is quite easy for criminals to make it appear that an email is legitimate by using fake "from" addresses, disguised links, and logos or other graphics stolen from the genuine company's website.
Remember You will never be sent any new passwords in an attachment.
Be aware that the Bredolab Trojan is also distributed via emails that include fake shipping confirmation messages and messages supposedly confirming the order of goods bought online.
Remember - always watch for scams!
Steve