Fake FCI Exchange report emails carry malware infection

SophosLabs is intercepting a large number of malicious emails that have been spammed out across the internet.

The emails, which use a variety of subject lines, refer to selling real estate notes and claim to come from a firm called FCI Exchange.

Here’s a typical example:

Hello,

We wanted to let you know that FCI Exchange, The Nation’s Leading Note
Trading Platform is searching for real estate note owners interested in selling.

For additional Information refer to attched FCI Exchange Report

Remember FCI Exchange has thousands of buyers ready to act and
there are no charges until a note is purchased. We look forward to
working with you.

Subject lines used in the malicious email campaign include:

We sell Real Estate notes
Performing Notes Wanted
RE notes wanted

Attached to the emails is a ZIP file (typically called FCI_Exchange_Report_[random number].zip) which…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.