The bogus notifications purport to come from salesforce.com

Jan 14, 2014 12:05 GMT

Over the past few weeks, malicious emails purporting to come from salesforce.com, with subjects along the lines of “Department of Treasury Notice of Outstanding”, have been landing in inboxes. The notifications have nothing to do with salesforce.com or the Department of the Treasury.

“Important please review and sign the attached document! We have received notification from the Department of the Treasury, Financial Management Service (FMS) that you have an outstanding obligation with the Federal Government that requires your immediate attention,” the fake emails read.

“In order to ensure this condition does not affect any planned contract or grant activity, please review and sign the attached document and if you are unable to understand the attached document please call FMS at 1-800-304-3107 to address this issue.”

Dynamoo’s Blog reports that the file that’s attached to these emails is called “FMS-Case-H6SYVMK704BX4AL.zip.” The archive file contains an executable named “FMS-Case-{_Case_DIG}.exe.”

This .exe file is a downloader: once run, it fetches additional malware onto the infected computer. At the time of writing, more than two dozen of the antivirus engines on VirusTotal detect it.

This means that if your computer is running an up-to-date antivirus, the malware will likely be neutralized before it can fetch anything else.

However, the cybercriminals behind the campaign periodically swap out the piece of malware they attach to the fake emails, so antivirus coverage for a fresh variant cannot be relied on. That’s why it’s important to avoid downloading and executing suspicious files received in unsolicited communications. Users should also refrain from clicking on links contained in spam.

The quickest check is the attachment: an unsolicited message that carries a .exe, or a .zip archive with a .exe inside it, is almost certainly a cybercriminal scheme. The mismatch between the claimed sender (salesforce.com) and the claimed subject (a Treasury notice) is a second giveaway.
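The indicators above (an executable attachment or a zip containing one, an FMS-Case-* filename, and a Treasury-themed subject from an unrelated sender) are easy to turn into a mail-gateway triage rule. The following Python script is an added example, not code from the article or from Dynamoo’s Blog; the message it inspects is constructed inline with a harmless placeholder payload, and the rule that a genuine Treasury notice would come from a .gov sender is an assumption of this example, not something the article states.

```python
"""Heuristic triage of an inbound email for the indicators reported above.

Added example. The sample message is constructed test data, not a capture
of the real campaign; the zip member is a placeholder, not malware.
"""
import email
import email.policy
import io
import zipfile
from email.message import EmailMessage

# File extensions that Windows will run directly when double-clicked.
EXECUTABLE_EXTS = (".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs")


def build_sample_message() -> bytes:
    """Construct a lookalike of the reported email (constructed test data)."""
    zbuf = io.BytesIO()
    with zipfile.ZipFile(zbuf, "w", zipfile.ZIP_DEFLATED) as zf:
        # Placeholder bytes stand in for the dropper; nothing here executes.
        zf.writestr("FMS-Case-H6SYVMK704BX4AL.exe", b"MZ" + b"\x00" * 64)
    msg = EmailMessage()
    msg["From"] = "notifications@salesforce.com"
    msg["To"] = "victim@example.org"
    msg["Subject"] = "Department of Treasury Notice of Outstanding Obligation"
    msg.set_content("Important please review and sign the attached document!")
    msg.add_attachment(zbuf.getvalue(), maintype="application", subtype="zip",
                       filename="FMS-Case-H6SYVMK704BX4AL.zip")
    return bytes(msg)


def zip_members(data: bytes) -> list:
    """Return member names of a zip payload, or [] if it is not a valid zip."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return zf.namelist()
    except zipfile.BadZipFile:
        return []


def sender_domain(from_header: str) -> str:
    """Extract the domain of the From: address, lowercased ('' if absent)."""
    addr = from_header.strip().rstrip(">").split("<")[-1]
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def triage(raw: bytes) -> list:
    """Return the reasons a raw RFC 5322 message matches the campaign."""
    msg = email.message_from_bytes(raw, policy=email.policy.default)
    findings = []
    domain = sender_domain(msg.get("From") or "")
    subject = (msg.get("Subject") or "").lower()
    # Indicator 1: a Treasury-themed subject from a non-government sender.
    # Assumption of this example: a real FMS notice would come from a .gov domain.
    if "treasury" in subject and not domain.endswith(".gov"):
        findings.append(f"Treasury-themed subject from non-.gov sender: {domain}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        payload = part.get_payload(decode=True) or b""
        # Indicator 2: a bare executable attachment.
        if name.endswith(EXECUTABLE_EXTS):
            findings.append(f"executable attachment: {name}")
        # Indicator 3: an archive whose members include an executable.
        # Inspect the bytes, not the extension: a renamed zip still opens.
        for member in zip_members(payload):
            if member.lower().endswith(EXECUTABLE_EXTS):
                findings.append(f"zip {name} contains executable member: {member}")
        # Indicator 4: the filename pattern reported for this campaign.
        if name.startswith("fms-case-"):
            findings.append(f"attachment name matches campaign pattern: {name}")
    return findings


if __name__ == "__main__":
    for reason in triage(build_sample_message()):
        print("FLAG:", reason)
```

Run it against a real mailbox export by passing each message’s raw bytes to `triage()`; any non-empty result is worth quarantining. Matching on the zip’s contents rather than its extension matters because the campaign can rename the archive without changing what is inside.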

If you have opened the attachment, scan your computer with an up-to-date antivirus. Because the .exe is a downloader, removing it alone does not guarantee a clean machine; whatever it fetched afterwards also has to be found and removed.