ThreatTrack Security - Malicious Spam Alerts

AT&T DocuSign Spam

Subjects Seen:

  1. Please DocuSign this document: Contract_changes_08_27_2014.pdf

Typical e-mail details:

Hello,

AT&T Contract Changes has sent you a new DocuSign document to view and sign. Please click on the ‘View Documents’ link below to begin signing.

Malicious URLs:

  1. 79.172.51.73/Docusign/wps/myportal/sitemap/Member/ATT/SignDocument/7c16d8c7-e5ad-4870-bb79-1c1e4c9b35d6&er=fb88d3b6-88f4-4903-ae77-41754063bd7c/Contract_changes_08_27_2014.zip

Malicious File Name and MD5:

  1. Contract_changes_08_27_2014.zip (5ED69A412ADB215A1DABB44E88C8C24D)
  2. Contract_changes_08_27_2014.exe (C65966CCA8183269FF1120B17401E693)

ADP Past Due Invoice Spam

Subjects Seen:

  1. ADP Past Due Invoice

Typical e-mail details:

Your ADP past due invoice is ready for your review at ADP Online Invoice Management.

If you have any questions regarding this invoice, please contact your ADP service team at the number provided on the invoice for assistance.

Please note that your bank account will be debited within one banking business day for the amount(s) shown on the invoice.

Review your ADP past due invoice here.

Important: Please do not respond to this message. It comes from an unattended mailbox.

Malicious URLs:

  1. 81.80.82.27/upload/portal.adp.com/wps/myportal/sitemap/PayTax/PayStatements/invoice_449017368.zip

Malicious File Name and MD5:

  1. invoice_449017368.zip (CF55AD09F9552A80CD1534BD392B44D1)
  2. invoice_449017368.exe (C65966CCA8183269FF1120B17401E693)

Royal Bank of Canada Payment Spam

Subjects Seen:

  1. The Bank INTERAC to Leo Dooley was accepted.

Typical e-mail details:

The INTERAC Bank payment $19063.01 (CAD) that you sent to Leo Dooley, was accepted.
The transfer is now complete.
Message recipient: The rating was not provided.

See details in the attached report.

Thank you for using the Service INTERAC Bank RBC Royal Bank.

Malicious File Name and MD5:

  1. INTERAC_PAYMENT_08262014.exe (B064F8DA86DB1C091E623781AB464D8A)
  2. INTERAC_PAYMENT_08262014.zip (71239A9D9D25105CEC3DF269F1FDCA2D)

Bank of America Merrill Lynch CashPro Spam

Subjects Seen:

  1. Bank of America Merrill Lynch: Completion of request for ACH CashPro

Typical e-mail details:

You have received a secure message from Bank of America Merrill Lynch

Read your secure message by opening the attachment, securedoc.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it in a Web browser.
If you have concerns about the validity of this message, contact the sender directly.
First time users - will need to register after opening the attachment.

Malicious URLs:

  1. 161.58.101.183/handler/jxpiinstall.exe

Malicious File Name and MD5:

  1. securedoc.html (D6E1DD6973F8FAA730941A19770C97F2)
  2. jxpiinstall.exe (C3110BFDD8536DC627336D7F7A6CC2E7)

Bank of America Activity Alert Spam

Subjects Seen:

  1. Bank of America Alert: A Check Exceeded Your Requested Alert Limit

Typical e-mail details:

Activity Alert
A check exceeded your requested alert limit
We’re letting you know a check written from your account went over the limit you set for this alert.
For more details please check attached file

Malicious File Name and MD5:

  1. report08252014_6897454147412.scr (7ED898AA2A8B247F7C7A46D71B125EA8)
  2. report08252014_6897454147412.zip (FF4C74D80D3C7125962D7316F570A7FF)

ADP Anti-Fraud Update Spam

Subjects Seen:

  1. ADP: August 22, 2014 Anti-Fraud Secure Update

Typical e-mail details:

Dear Valued ADP Client,

We are pleased to announce that ADP Payroll System released secure upgrades to your computer.

A new version of secure update is available.

Our development division strongly recommends you to download this software update.

It contains new features:

The certificate will be attached to the computer of the account holder, which disables any fraud activity
Any irregular activity on your account is detected by our safety centre

Download the attachment. Update will be automatically installed by double click.

We value our partnership with you and take pride in the confidence that you place in us to process payroll
on your behalf. As always, your ADP Service Team is happy to assist with any questions you may have.

Malicious File Name and MD5:

  1. 2014 Anti-Fraud Secure Update_08222014.scr (840B3B6A714F7330706F0C19F99D5EB8)
  2. 2014 Anti-Fraud Secure Update_08222014.zip (AB0D93E0952BDCE45D6E6494DF4D94AD)

JPMorgan Chase Secure Message Spam

Subjects Seen:

  1. Daily Report - August 19, 2014

Typical e-mail details:

This is a secure, encrypted message.
    
Desktop Users:
Open the attachment (message_zdm.html) and follow the instructions.
    
Mobile Users:
Voltage secure mail is not currently supported on mobile devices. If you experience issues, please access your secure message from a fully functional browser.

Malicious URLs:

  1. 192.241.124.71/securemail/jpmchase.com/formpostdir/Java/Java_update.exe

Malicious File Name and MD5:

  1. message_zdm.html (550CB01F07DB2363437C8627697C6B1F)
  2. Java_update.exe (38d75db0a575891506b1ff0484a03cd0)

Companies House Annual Return Spam

Subjects Seen:

  1. (AR01) Annual Return received

Typical e-mail details:

Thank you for completing a submission Reference # (9586474).

  • (AR01) Annual Return

Your unique submission number is 9586474
Please quote this number in any communications with Companies House.

Check attachment to confirm acceptance or rejection of this filing.

Malicious File Name and MD5:

  1. AR01_021434.scr (3324B40B5D213BEC291F9F86F0D80F64)
  2. AR01_021434.zip (7D65D78B6E35843B6FF3C4C46BAAC37A)

Citibank Account Documents Spam

Subjects Seen:

  1. RE: Account documents have been uploaded

Typical e-mail details:

Your Documents have been uploaded to dropbox. In order to download / view Please click here to download / view.

All web filed documents (with the exception of downloaded accounts templates) are available to view / download for 10 days after their original submission. Once accepted, these changes will be displayed on the public record. Not yet filing your accounts online? See how easy it is… For enquiries, please telephone the Service Desk on +1 800-285-1851 or email enquiries@citibank.com. This email was sent from a notification-only email address which cannot accept incoming mail. Please do not reply directly to this message.

Yours faithfully

Lucia Dumas
Commercial Banking
Citibank N.A

Malicious URLs:

  1. tinyurl.com/q7x4jlt
  2. creativeplay.com/css/Document-8841.zip

Malicious File Name and MD5:

  1. Document-8841.zip (C410845BE7D038ABCF4BBC361D7FE167)
  2. Document-8841.scr (2BAFC99B1F149A88044963B577385F3B)

UK Land Registry Spam

Subjects Seen:

  1. Notification of direct debit of fees

Typical e-mail details:

Notification Number: 4682787

Mandate Number: LND4682787

###THIS IS AN AUTO NOTIFICATION EMAIL. DO NOT REPLY TO THE SENDER OF THIS EMAIL. IF YOU HAVE A QUERY PLEASE REFER TO THE INFORMATION BELOW ###

This is notification that Land Registry will debit 1527.00 GBP from your nominated account on or as soon as possible before 18/08/2014.

Details of fees that we shall be collecting by direct debit for the applications charged are now available to view.

You can access these by opening attached report.

If you have an enquiry relating to your VDD account please contact Customer Support at customersupport@landregistry.gsi.gov.uk or call on 0844 892 1111. For all enquiries, please quote your key number.

Thank you,

Land Registry

Malicious File Name and MD5:

  1. LND_Report_13082014.exe (4E3480ADAF846BE2073246C9879290D2)
  2. LND_Report_4682787.zip (EAD6A8A2A9613175112E6C75D247B0BC)