The malicious notifications are entitled “RE: Korbin – Copies of Policies”
Cybercriminals are using bogus corporate policy emails to trick unsuspecting employees into clicking on links that lead to malicious websites.According to Dynamoo’s Blog, the emails are entitled something like “RE: Korbin – Copies of Policies,” but the name is sometimes replaced with Kanisha or Keshia.
“Unfortunately, I cannot obtain electronic copies of the Ocean, Warehouse or EPLI policy. Here is the Package and Umbrella, and a copy of the most recent schedule,” the bogus emails read.
When users click on the links they contain, they’re taken to one of many malicious Russian websites hosted on servers located in France, Kazakhstan or Mongolia.
These particular emails have been making the rounds for a few months now, but it appears they’re still successful in spreading malware.
Another noteworthy thing is that the same cybercriminals are using other spam emails as well in an attempt to trick corporation employees. One example is the fake “Scan from a HP ScanJet” spam run.