Apr 11 2014

BT Yahoo Closing Down – Fake/Scammer Emails

Published by under Spam/Phishing Emails

Well today’s scammer/phishing email is supposedly from BT :


The email purports to be from BT Customer Services informing you that BT are in the process of upgrading their BT Yahoo Mail and that it will stop working shortly, this is usually happening within a matter of days, thus increasing the urgency for you to upgrade.

To do the upgrade your asked to click on the embedded link “Upgrade BT Yahoo Mail”, this then takes you to a fake Yahoo log in page, where it will ask you to login with your BT Email Username and Password.

First thing that gives the scam away is the address in the Web bar, it’s not a yahoo address, in this case it was http://www.chemaweyaat.com/plugins/editors/jnr/mail.html

This was a compromised website that someone has uploaded their fake Yahoo page to, so that when you land on it, you fill in your details and these are then stored or forwarded  on to the scammer, for what ever nefarious plans they may have.

If you do get fooled by this scam/phishing email, first thing you need to do it go to the proper BT yahoo Login page and immediately change your password and don’t forget to amend these details in your Email client on your PC (otherwise you won’t receive emails on it any more).

Hope this has been helpful to you and remember never enter your Username and Password into a website before checking that its legitimate.

No responses yet

Apr 03 2014

Published by under Wordpress

In the past 2hrs my blog’s had over 200 attempted logins into the backend from multiple IP Addresses using various usernames and passwords, none of which thankfully allow access to the blog.

Never seen that amount of attacks before, from the IP details that my blogs recording when they attempt the hack most of it seems to be coming  from Russia/Ukraine/India/China and Poland, guessing there’s a lot of Bot Nets in these particular countries.

Anyway “touch wood” none have yet managed to get past the login page, my blog security is catching them and blocking the IP addresses after each failed attempt, will just keep monitoring to ensure none do :)

No responses yet

Mar 27 2014

NatWest Secure Message – Trojan Payload

This week’s Virus/Trojan email is purporting to be from the NatWest Bank :

If you receive this email it will look something like this :

NatWest Secure Message

It’s a very basic looking email, with not attempt at including NatWest Corporate Logo’s etc, the only thing it really has is the attachment, which in this case is another email message called “SecureMessage.msg” , now opening this won’t install the anything, all it will do is open another email like the example shown below :

NatWest Secure Message2

This is much the same as the original email, again very basic, but this time the email has a .ZIP file attached “SecureMessage.zip”, this is the Virus/Trojan payload : DON’T OPEN IT

The best thing to do with this email when you receive it to just delete it, don’t’ certainly don’t open it and if you do, as mentioned in my earlier posts run Malware removal software and any virus software you have.

From what I’ve read thus far about this emails payload, it seems to be the Zbot Trojan , this one’s particularly designed to steal banking details, so I’d suggest if you do suspect this has been installed on your PC to keep an eye on your account for any unusual spends or withdrawal/transfers.

Any questions you might have on the removal of this virus/trojan, please feel free to leave a comment and I’ll attempt to answer/help you

No responses yet

Next »

Personal Blogs
Personal Blogs
%d bloggers like this: