Watch out! Widespread wire transfer confirmation emails carry malware

Cybercriminals have widely spammed out a malware campaign today, posing as a confirmation email about a wire transfer.

A typical email looks like this:

Subject: Fwd: Re: Wire Transfer Confirmation

Dear Bank Account Operator,
WIRE TRANSACTION: WIRE-[random number]

You can find details in the attached file. (Microsoft Word format)

The precise subject line used by the emails can vary, as the snapshot below demonstrates:

[Screenshot: Malware subject lines]

Attached to the emails is a file called (obviously the spammers could change this filename at any time) which contains an executable file.

Sophos is adding detection of the ZIP file as Troj/BredoZp-KQ and the Trojan horse contained within as Troj/Bredo-ZT. Users of Sophos’s anti-spam solutions were already protected.
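
The check a mail filter can apply to messages like this one, as an added example (not code from Sophos or the author): open each ZIP attachment and flag any member that is a Windows executable, whatever the email body claims about the format. The extension blocklist, function names, addresses and attachment names are assumptions, and the sample message is constructed with inert bytes.

```python
import io
import zipfile
from email import message_from_bytes
from email.message import EmailMessage

EXEC_EXTS = (".exe", ".scr", ".pif", ".com", ".cpl")  # assumed blocklist, extend per policy

def build_sample_email(member_name, member_data):
    """Constructed test message: a ZIP attachment with one inert member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, member_data)
    msg = EmailMessage()
    msg["Subject"] = "Fwd: Re: Wire Transfer Confirmation"
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg.set_content("You can find details in the attached file. (Microsoft Word format)")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="sample_attachment.zip")
    return msg.as_bytes()

def find_executables(raw_message):
    """Return (attachment, member, reason) for each executable inside a ZIP part."""
    findings = []
    for part in message_from_bytes(raw_message).walk():
        payload = part.get_payload(decode=True)
        # Identify ZIPs by magic bytes, not by the declared MIME type or filename.
        if not payload or not payload.startswith(b"PK\x03\x04"):
            continue
        try:
            archive = zipfile.ZipFile(io.BytesIO(payload))
        except zipfile.BadZipFile:
            continue
        for info in archive.infolist():
            if info.filename.lower().endswith(EXEC_EXTS):
                reason = "executable extension"
            elif not info.flag_bits & 0x1 and archive.open(info).read(2) == b"MZ":
                reason = "MZ header"  # Windows executable under a misleading name
            else:
                continue
            findings.append((part.get_filename(), info.filename, reason))
    return findings

if __name__ == "__main__":
    inert = b"MZ" + b"\x00" * 62  # inert bytes, not a working program
    for name in ("sample_document.exe", "sample_document.doc"):
        print(find_executables(build_sample_email(name, inert)))
```

Encrypted members are only checked by name here, since their contents cannot be read without the password.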

Interestingly, in the example above, the malicious email claims to have come from Habbo Hotel – a virtual community which has had its fair share of bad headlines recently.

Other email addresses in the current “wire transfer” malware campaign claim to come from LinkedIn (just after the exposure of their embarrassing password security), UPS and other seemingly random addresses.

Which makes me wonder – are the spammers just having a laugh at our expense?

The fact is that if you’re reading sites like Naked Security, and keeping informed of the latest threats and tricks used by cybercriminals, you are quite unlikely to be duped by a malware attack like this one.

But there are plenty of other, less security-savvy, people out there. Make it your goal today to get one of the “not-we” clued up about security. Introduce them to Naked Security, and suggest that they get a clue.

You could be doing someone a favour that will make all of us that little bit safer.

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
