ATM Diplomat spam tries to harvest your personal info


Look, here I am working on my DDoS series, minding my own business, when blammo! I get hit with this weird looking calendar invitation, requesting that I “Contact the diplomat” for my ATM card.

My curiosity is piqued. I like ATM cards, don't you? Let's dig into this email and see what this is all about. Mama's got the holidays coming up.

When I look into the details of the email, I get a sad. Look here:

I missed the meeting by about 6.5 years. (I have GOT to get better at managing my calendar.)

Upon further inspection, you can see that I am identified as the meeting organizer, though that wasn't my email address in the “From” field. There are dozens of invitees with names that are spelled similarly to mine. I hope they haven't been waiting for me to start the meeting.

Well this is all very weird, but I'm not worried, because the body of the email includes a very official looking Ref/Payment code. This is the number I am to use when I claim my payment of US$1,500,000 Million, which awaits only my response to this email.

At first I thought, how strange that they would write “US$1,500,000 Million” because no one writes currency that way, but then I don't usually deal with millions of dollars. Maybe when you have lots of money you start adding extra words to describe your numbers. (It’s possible they mean $1.5 trillion, but seriously, what are the odds?)

The sender of the email states that she is moving to Japan and needs to turn this situation over to another person who will hand deliver my “US$1,500,000 Million” to me. That was good thinking, because this new guy is located in Bulgaria, which is approximately 1,250 miles closer than Japan.

Or is it US1,250 thousand miles? This whole thing is very confusing.

Then the email goes on to ask me for the following information:

Your name in full:………..
Your mobile phone:……….
Your address:………….
And your nearest airport:……….

And all of this information is to be sent to the guy in Bulgaria so that he can deliver my ATM card with the PIN which will allow me access to the US$1,500,000 Million.

Excuse me???

Nobody delivers ATM cards with the PIN!

No, I will NOT send you any of my information! Good day sir!

So this particular piece of spam seems fairly harmless, except to the extent that it is harvesting information which will tell the attacker a couple of things:

  1. Your name, address, and other requested information
  2. You think “gullible” rhymes with “spam”

Which means you may be likely to fall for more harmful phishing attacks in the future, and those will probably deliver malware to your machine.

This email was pretty easy to pick apart, but not everyone pays attention. Add to that the fact that the Internet gets about 8 new users every second of every day. There's got to be some folks in there who know nothing about the dangers of spam.
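The tells picked apart above (an organizer that is not the sender, a meeting date years in the past, a bulk attendee list, and a request for personal details) can be checked mechanically on an incoming invite. This is an added example, not code from the original post or from Barracuda; the sample message, the thresholds and the flag names are constructed assumptions.

```python
import re
from datetime import datetime
from email import message_from_string, policy
from email.utils import parseaddr, parsedate_to_datetime

# Constructed sample invite: every name, address and date here is made up.
ATTENDEES = "\n".join(f"ATTENDEE;CN=J Doe{i}:mailto:jdoe{i}@corp.example" for i in range(24))
SAMPLE = f"""\
From: Mrs Example <sender@mail.example>
To: jdoe@corp.example
Date: Mon, 02 Dec 2013 09:00:00 +0000
Content-Type: text/calendar; method=REQUEST

BEGIN:VCALENDAR
BEGIN:VEVENT
ORGANIZER;CN=J Doe:mailto:jdoe@corp.example
{ATTENDEES}
DTSTART:20070601T100000Z
DESCRIPTION:Your name in full:... Your mobile phone:... Your nearest airport:...
END:VEVENT
END:VCALENDAR
"""
PII_ASKS = re.compile(r"name in full|mobile phone|your address|nearest airport", re.I)

def ical_props(ics):
    # Unfold RFC 5545 continuation lines, then split "NAME;params:value" at the first colon.
    pairs = (ln.partition(":") for ln in re.sub(r"\r?\n[ \t]", "", ics).splitlines())
    return [(n.split(";")[0].upper(), v.strip()) for n, sep, v in pairs if sep]

def invite_red_flags(raw, max_age_days=30, max_attendees=10):
    """Heuristic flags for a calendar invite; both thresholds are illustrative assumptions."""
    msg = message_from_string(raw, policy=policy.default)
    sender = parseaddr(str(msg["From"]))[1].lower()
    sent = parsedate_to_datetime(str(msg["Date"])).date()
    flags = set()
    for part in (p for p in msg.walk() if p.get_content_type() == "text/calendar"):
        text = part.get_content()
        props = ical_props(text)
        if len({m.lower() for m in PII_ASKS.findall(text)}) >= 2:
            flags.add("asks_for_personal_details")
        organizers = [v.lower().replace("mailto:", "") for n, v in props if n == "ORGANIZER"]
        if organizers and sender not in organizers:
            flags.add("organizer_is_not_sender")
        if sum(n == "ATTENDEE" for n, _ in props) > max_attendees:
            flags.add("bulk_attendee_list")
        for v in (v for n, v in props if n == "DTSTART" and re.match(r"\d{8}", v)):
            if (sent - datetime.strptime(v[:8], "%Y%m%d").date()).days > max_age_days:
                flags.add("meeting_date_long_past")
    return sorted(flags)
```

No single flag proves anything on its own; a mail filter would treat them as inputs to a score rather than as a verdict.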

For more information about spam and phishing attacks, follow our research blog over at Barracuda Labs. And to protect your users from this type of attack, check out the Barracuda Spam & Virus Firewall.
