For the record, this is an Apple phishing email attempt that has recently been going around and made it through spam filters. What to do? Report them; go to the bottom of the page.
It contains two infected PDF files: Deezer Music - Podcast Player Reciept.pdf
Uploading it to http://jsunpack.jeek.org/ to detect the PDF JavaScript malware, we find:
<</Type/Action/S/URI/URI(https://ju.lazada.co.id/?cid=ID_BOB_REVIEW_PRODUCT_REVIEW&mid=9feac30ffdeb1eb43bb13636de5778c6&msg_id=6515abd7-3d76-432d-9dc3-75267e6422a9&url=http://advanceindco.com/mogaderez.php/?jancokkarankamuasukontolmamakkaulonthe) >>
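A PDF URI action like this one can be extracted and its redirect unwrapped offline, without opening the link. The following is an added example, not part of the original post; the function names are hypothetical, and it assumes the PDF objects are uncompressed (as in the unpacked output above).

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Matches /URI (...) literal strings in uncompressed PDF objects (assumption:
# compressed streams have already been inflated by the unpacking tool).
URI_ACTION = re.compile(rb"/URI\s*\(((?:\\.|[^\\()])*)\)")

def extract_uri_actions(pdf_bytes):
    """Return every URI action target found in the raw PDF bytes."""
    return [m.group(1).decode("latin-1").strip()
            for m in URI_ACTION.finditer(pdf_bytes)]

def redirect_chain(url, max_depth=5):
    """Unwrap URLs nested in query parameters; no network request is made."""
    chain = [url]
    while len(chain) <= max_depth:
        nested = [v for _, v in parse_qsl(urlsplit(chain[-1]).query)
                  if v.lower().startswith(("http://", "https://"))]
        if not nested:
            break
        chain.append(nested[0])
    return chain

def hosts(chain):
    """Host name of each hop, outermost link first."""
    return [urlsplit(u).hostname for u in chain]

def is_suspicious(chain, expected_suffix="apple.com"):
    """Flag a link whose final host is not the claimed sender's domain."""
    final = hosts(chain)[-1] or ""
    return not (final == expected_suffix or final.endswith("." + expected_suffix))

# Sample input: the URI action object quoted in the post.
SAMPLE = (b"<</Type/Action/S/URI/URI(https://ju.lazada.co.id/?cid=ID_BOB_REVIEW_PRODUCT_REVIEW"
          b"&mid=9feac30ffdeb1eb43bb13636de5778c6&msg_id=6515abd7-3d76-432d-9dc3-75267e6422a9"
          b"&url=http://advanceindco.com/mogaderez.php/?jancokkarankamuasukontolmamakkaulonthe) >>")

if __name__ == "__main__":
    for target in extract_uri_actions(SAMPLE):
        chain = redirect_chain(target)
        print(" -> ".join(hosts(chain)), "| suspicious:", is_suspicious(chain))
```

The first host is only a redirector; the `url=` parameter carries the real destination, which is the host to check and report.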
What's unique about this attack? VirusTotal did not pick up the malware.
How to tell this is a phishing email?
- Check the email address in full; if it's not from the originating company, then it's phishing.
- Hover over all links in the email; if they're not from the apple.com site, then forget it.
- The best way is to look at the message source, see below.
How to examine the email message source?
Now let's look at the message source:
- Outlook.com->Actions->View Message Source.
- Gmail.com->More (down arrow to top right)->Show original.
Report Phishing Email (not as Spam)
- Outlook.com->Junk (at Top)->Phishing Scam
- Gmail.com->More (down arrow to top right)->Report Phishing
Report Phishing URLs at Google now
If you have received this email, take further action now by clicking these links:
Report phishing at Microsoft and government agencies
Report phishing emails to Apple
Forward the email to abuse@icloud.com. This provides Apple's legal department and law enforcement with useful information to help prevent future phishing emails.