14 DAY TRIAL // A new wave of scareware-carrying emails are posing as order confirmations from a pearl jewelry manufacturer called BoBijou in an attempt to trick recipients to open malicious attachments.
According to independent security consultant Dancho Danchev, who analyzed the new attack, the emails bear a subject of "Successfull Order [number]" and carry an attachment called Order_details.zip.
The body message is aimed to scare recipients into believing that their credit card has been wrongfully charged and as a result, open the executable file inside the zip archive. It reads:
"Thank you for ordering from Bobijou Inc.This message is to inform you that your order has been received and is currently being processed. "Your order reference is [number]. You will need this in all correspondence. This receipt is NOT proof of purchase. We will send a printed invoice by mail to your billing address.
"You have chosen to pay by credit card. Your card will be charged for the amount of 262.00 USD and 'Bobijou Inc.' will appear next to the charge on your statement.
"You will receive a separate email confirming your order has been despatched [sic.]. Your purchase and delivery information appears below in attached file."
Opening the "Order details.exe" file contained in the attachment would be a very bad idea because it is actually a trojan downloader whose purpose is to install a poorly detected scareware program.
The fake order notification lure is an old trick used to spread malware in recent years. The fact that cyber criminals keep using it suggests that it is still successful enough to justify the effort.
Users are strongly advised to treat email attachments with caution. All files received in this manner, even if from what appear to be trusted sources, should be scanned with one or more antivirus programs before opening. Services like Virus Total are a simple solution to do that.