Sneaky fake company virus warnings trick users into installing malware

Picture the scene.

You receive an email from someone inside your company. He tells you that there is a virus problem inside the company and it has resulted in data being stolen and some files being deleted.

You are told to install an anti-virus tool to clean-up the infection properly. The link appears to point to a download on your company’s own website.

Would you do it?

Well, hopefully not. But people less savvy in security matters might be fooled.

Here is the email that has been spammed out to a number of large companies (click for a larger version):

Subject: IT Notice

Message body:
Dear all,

Just a quick alert to let everyone know that our company have experienced a new kind of virus to web space and personal computer. found that the computer system information leaked, such as in other server information is…

Read more in my article on the Naked Security website.

Found this article interesting? Follow Graham Cluley on Twitter or Mastodon to read more of the exclusive content we post.

Graham Cluley •   @gcluley

Graham Cluley is a veteran of the cybersecurity industry, having worked for a number of security companies since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows. Now an independent analyst, he regularly makes media appearances and is an international public speaker on the topic of cybersecurity, hackers, and online privacy. Follow him on Twitter, Mastodon, Bluesky, or drop him an email.