The Comodo Antispam Labs (CASL) team has identified a new regional phishing threat, targeted specifically at the citizens of the London Borough of Richmond upon Thames in the United Kingdom.
The spoofed email is from a Richmond.co.uk address, designed to try and steal vendor numbers and specific email addresses, convincing unsuspecting victims that they will receive a “remittance advice” should they respond. It also triggers a set of malware that would be activated, should the unsuspecting victims click on the link.
The Comodo Antispam Labs team identified the phishing email through IP, domain, and URL analysis, and has alerted the London Borough of Richmond upon Thames of the malware threat.
“This new phishing threat is a prime example of how targeted malware campaigns can actually be – looking at a specific customer set of a specific company,” said Fatih Orhan, Director of Technology for Comodo and the Comodo Antispam Labs. “At Comodo, we work diligently in creating innovative technology solutions that stay a step ahead of the cyber criminals, and keep enterprises and IT environments safe.”
For the System IT Administrators who think their IT may be susceptible to the fake email, the key IP address and domain name are below:
IP Address: 18.104.22.168
Domain name: odecasrl.com
The Comodo Antispam Labs team is made up of more than 35 IT website security professionals, ethical hackers, computer scientists and engineers, all full time Comodo employees, analyzing and filtering spam, phishing and malware from across the globe. With offices in the US, Turkey, Ukraine, the Philippines and India, the CASL team analyzes more than 1,000,000 potential pieces of phishing, spam or other malicious/unwanted emails per day, using the insights and findings to secure and protect its current customer base and the at-large public, enterprise and Internet community.
If you feel your company’s IT environment is under attack from phishing, malware, spyware or cyberattacks, contact the security consultants at the Comodo Antispam Labs: https://enterprise.comodo.com/contact-us.php
A screen grab of the phishing email is included below.
Sent: 07 December 2015 12:42
Subject: Payment Advice For Vendor0000113915
The London Borough of Richmond upon Thames Accounts Payable team, are pleased to announce we can now e-mail your remittance advice.
Please find attached a remittance advice for a payment you will receive in the next 2 working days.
If this is not the preferred email address you wish to receive remittance
advises, please could you email firstname.lastname@example.org quoting your vendor number (found on remittance attached) and details of your preferred email address so we can update our records.
Remittances sent from LB Richmond Remittance will include payments made on behalf of:
Achieving for Children
LBRuT Local Authority
LBRuT Pension Fund
SW Middlesex Crematorium Board
If you have received this message in error you must not print, copy, use or disclose the contents, but must delete it from your system and inform the sender of the error. You should be aware that all emails received and sent by the London Borough of Richmond upon Thames may be stored or monitored, or disclosed to authorised third parties, in accordance with relevant legislation.”