{"id":75065,"date":"2012-10-31T12:36:59","date_gmt":"2012-10-31T07:06:59","guid":{"rendered":"https:\/\/blogs.quickheal.com\/?p=75065"},"modified":"2024-03-11T18:39:19","modified_gmt":"2024-03-11T13:09:19","slug":"fake-payment-confirmation-scam-emails","status":"publish","type":"post","link":"https:\/\/www.quickheal.com\/blogs\/fake-payment-confirmation-scam-emails\/","title":{"rendered":"Fake Payment Confirmation’ scam emails"},"content":{"rendered":"

A series of new spam emails that target computer users and attempt to infect them with a variant of a ZBOT trojan have been discovered.<\/p>\n

The e-mail attempts to persuade a recipient to open an attachment and claims that the said attachment contains a payment confirmation for the recipient. However, the “TTcopy.zip<\/strong>” attachment contains a malicious “TTcopy_pdf.exe<\/strong>” file that, when executed, attempts to infect the system with malicious code.<\/p>\n

The e-mail message contains the following “Subject” and “Message Body”:
\nSubject:<\/strong> TT copy of payment<\/em><\/p>\n

Message Body:<\/strong>
\nHello,
\nKindly find attached TT copy of payment made to your account today as balance payment on behalf of your customer and the documents, pls sign\/stamp and send back to me asap. Kindly confirm that the amount\/bank details are correct as and the same with
\nthe one your colleague gave us to make payment with. I await your urgent confirmation and response.
\nThanks and best regards.
\nManagement.<\/em><\/p>\n

If you come across such emails, DO NOT open the attachment. Instead, delete the email and keep your Quick Heal<\/a> antivirus updated. Quick Heal detects the malicious attached file as TrojanSpy.Zbot.gfld<\/strong>; so our users are already protected.<\/p>\n

We additionally recommend that users do not open such attachments from any other unknown emails as well.<\/p>\n","protected":false},"excerpt":{"rendered":"

A series of new spam emails that target computer users and attempt to infect them with a variant of a ZBOT trojan have been discovered. The e-mail attempts to persuade a recipient to open an attachment and claims that the said attachment contains a payment confirmation for the recipient. However, the “TTcopy.zip” attachment contains a […]<\/p>\n","protected":false},"author":11,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21,24],"tags":[161,22,23,25,47,29,40,38],"class_list":["post-75065","post","type-post","status-publish","format-standard","hentry","category-email","category-malware","tag-email","tag-email-malware","tag-fraudulent-email","tag-phishing","tag-security","tag-social-engineering","tag-trojan","tag-vulnerability"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/75065"}],"collection":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/users\/11"}],"replies":[{"embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/comments?post=75065"}],"version-history":[{"count":3,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/75065\/revisions"}],"predecessor-version":[{"id":92363,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/posts\/75065\/revisions\/92363"}],"wp:attachment":[{"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/media?parent=75065"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/categories?post=75065"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.quickheal.com\/blogs\/wp-json\/wp\/v2\/tags?post=75065"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}