Sexy photos from a sweet girl? Too risky!

Graham Cluley
Graham Cluley
@

 @grahamcluley.com
 @[email protected]

If a sexy girl mistakenly sends you photos, you’d be a fool not to take a peek, right?

Wrong.

Malicious email

Here are the details of the email that we are catching in our spamtraps today:

Sign up to our free newsletter.
Security news, advice, and tips.

Subject line: how are you? or hi
Message body:

Hi,
I will like to know you more better but I am not always on dating website if you trully want to get to know me more better like i do then get back to me through my email adress and tell me more about yourself there and also send me some more pics of you and i will do the same i hope to read from you soon so we can exchange more email and sexy photos. Take good care of yourself... and send me an email to my email adress I'll talk to you later.
Your sweet girl :)

ps: I send my sexy photo for you :*

Attached to the email is a file called photo.zip which, surprise surprise, contains a Trojan horse. In this case it’s Troj/Dloadr-CWG.

As in the “Hi friend” email attack I blogged about earlier today, malicious campaigns like this only work because the hackers are able to successfully socially engineer unsuspecting users into opening the dangerous file.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "The AI Fix" and "Smashing Security" podcasts. Follow him on Bluesky, Mastodon, and Threads, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.