Monthly Archives: August 2016

Malicious email alert: PO with .doc attachment

The malicious email below came with a .doc (Word format) attachment. The attachment is most likely a vehicle for installing malware onto your system.

Remember to practice good attachment hygiene: never open attachments from people you don’t know, and never open attachments on emails you weren’t expecting. When in doubt, contact the sender to inquire about attachments before opening.


From: Ole [mailto:Ole]
Sent: Monday, August 29, 2016 11:18 PM
Subject: Re: PO #099282

Good Morning,

Please find attached PO #099282 duly acknowledged for your attention.

Thanks & regards,

Ole Borgbjerg
Brodersen A/S

Isn’t it ironic?

I’ve got Alanis Morissette’s song Ironic* stuck in my head today. And all because of this phishing email.

From: University of Washington []
Sent: Tuesday, August 23, 2016 4:14 AM
To: Me
Subject: Avoid Your Email Suspension

University of Washington


Verify your University of Washington Email email account

to avoid email suspension

Click Here

Thank You

Copyright c 2013 University of Washington


Where does the irony come in, you ask? Because the only way you’d have your email account suspended is if you clicked that link and got phished by them!

*Despite its misrepresentation of the concept of irony, Ironic is a very catchy song. If you don’t know it, check it out, but NOT on your work computers please!!!


Malicious email alert: old school email scam

Who doesn’t love old school spam?! Check out this variant of the classic Nigerian email scam. Haven’t seen one of these for a loooong time.

Dear Esteemed Beneficiary in a bid to serve you with honesty we are pleased to inform you that a meeting was held as regards the best way to carry out with the compensation exercise for transparency and most especially to avoid any form of delay in transferring your funds and the high cost of procuring transfer documents, we have came to a final conclusion as all head of organizations involved was duly represented. It was agreed and approved to be issued to you as a valid international ATM card cash-able at any ATM machine designation in the world. The ATM account has already being credited with One million four hundred and ninety thousand united States dollars ($1,490,000.00), with a daily Limit withdrawal of Ten thousand United States Dollars. ($10.000, 00U USD) The ATM card has already being packaged and approved to be delivered to your doorstep via express courier delivery service.

Contact Mr. Rakitic Alves now {Our ATM Rep.} at the ATM Center Benin Republic,
email ( atmserv_department@foxmail.com )
and reconfirm your delivery information as stated below
Beneficiary Code …………FST9154BR
full Name ……………..,
full home address……….,
your valid phone number….,

Warm Regards
Rose Onwuzuligbo


Malicious email alert: UW acct phishing

Yet another phishing email. This one gets credit for having an interesting-sounding web address, in any case. You can see the web address by hovering your mouse (don’t click) over the link below that says View Details.

This one has a plausible-sounding sender address, but we can’t rely on the sender address as proof of legitimacy because it can be easily “spoofed.” The only way to tell if an email is legit is to hover over the link and see where it really goes.

Subject: IT HelpDesk

Date: Thu, 4 Aug 2016 09:25:17 -0500

From: University of Washington <>

You have one new message from Mercer IT HelpDesk regarding your mail account.

View Details

University of Washington

Malicious email alert: UW acct phishing attempt

Note that the sender appears to be UW IT. However, the sender address is easily faked, so you cannot rely on it to determine whether an email is legit or not.

The link says it is Again, this is easily faked. If you hover your mouse over the link, you will see that it is actually going to:, which is a malicious website hosted in Belgium.

Subject: UW-IT monitors

Date: Sun, 31 Jul 2016

From: University of Washington <>

Dear User,

Due to security concern we have temporarily suspended your account from all incoming messages.

Kindly log in by visiting our url below and follow prompt.

Thank you.

University of Washington
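
The hover check described in the alerts above can also be done mechanically on a message's HTML body, comparing what each link shows with where it actually goes. This is an added example, not part of the original posts; the sample body, the hosts in it and the function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit
import re

# Constructed sample body; every host is a placeholder, not a value from the alerts.
SAMPLE_HTML = """
<a href="http://helpdesk.example.net/login">View Details</a>
<a href="http://mail.example.net/verify">https://www.university.example/account</a>
<a href="https://www.university.example/help">Help pages</a>
"""

class LinkCollector(HTMLParser):
    """Collect (visible text, href) for every <a> element."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append(("".join(self._text).strip(), self._href))
            self._href = None

def host_of(url):
    return (urlsplit(url).hostname or "").lower()

def in_domain(host, domain):
    # Exact match or a true subdomain; "university.example.evil.test" does not pass.
    return host == domain or host.endswith("." + domain)

def audit_links(html, trusted_domain):
    """Return one finding per link: what the reader sees vs. where it goes."""
    parser = LinkCollector()
    parser.feed(html)
    findings = []
    for text, href in parser.links:
        dest = host_of(href)
        # Only link text that itself looks like a URL can contradict the href.
        shown = host_of(text) if re.match(r"https?://", text, re.I) else ""
        reasons = []
        if shown and shown != dest:
            reasons.append("text shows %s but link goes to %s" % (shown, dest))
        if not in_domain(dest, trusted_domain):
            reasons.append("destination outside %s" % trusted_domain)
        findings.append({"text": text, "dest": dest, "reasons": reasons})
    return findings
```

Calling `audit_links(SAMPLE_HTML, "university.example")` returns one entry per link; an empty `reasons` list means the destination sits inside the trusted domain and matches any URL shown in the link text.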