Debunking email hoaxes and exposing Internet scams since 2003!

Hoax-Slayer Logo Hoax-Slayer Logo

Home    About    New Articles    RSS Feed    Subscriptions    Contact
Bookmark and Share

Issue 119 - October 2011 - Page 14

Western Union 'Money Transfer' Trojan Email

Issue 119 Start Menu

Previous Article            Next Article

Email purporting to be from Western Union claims that the recipient has "received a remittance" and should open an attached file to access more information about a supposed money transfer.

Brief Analysis
The email is not from Western Union and the attached file does not contain information about a money transfer. Instead, the attached file contains a trojan that can allow cybercriminals to take control of your computer.

Bookmark and Share
Detailed analysis and references below example.

Last updated: 14th September 2011
First published: 14th September 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer



DEAR CONSUMER , You have received a remittance, more information about the money transfer is in the attached file.

Money Order can be cashed at any branch or bank in Your city

All for You , WesternUnion Holdings Inc

TEST QUESTIONS: Test Questions may be used with some Services if the principal amount of the money transfer does not exceed USD999.99. In the U.S, and many destinations outside the U.S., a money transfer that includes a test question will be paid to the Receiver if the Receiver can provide the correct answer to the Test Question or can provide valid identification. In some Destinations Receiver may be required to provide identification, a test question answer or both to receive funds in cash. Test Questions are not an additional security feature and cannot be used to time or delay the payment of a transaction and are prohibited in certain countries. Please contact at the customer service telephone number listed below for current information regarding the availability of test question for Your selected destination

Attachment Name:
Payload Name WesternUnion_received_ID5633865642.doc__________________________.exe

Detailed Analysis
According to this email, which purports to be from financial services company Western Union, the recipient has "received a remittance" and should open an attached file to view details about this supposed money transfer.

However, the email is certainly not from Western Union and the attachment does not contain information about a money transfer. In fact, the attachment contains a trojan that, once installed, can give Internet criminals access to the compromised computer. Those who open the attached .zip file, will find a second file that, at first glance, may appear to be a harmless Word document (.doc) file. In an oft used ruse, the scammers have given the malicious payload a name with a double file extension with a long gap between the two extensions. They hope that unwary recipients will therefore see only the .doc extension and, because of the gap, miss the .exe extension. Of course, the real extension is .exe, denoting that it is an executable file, not a Word document.

Versions of the malware emails have been distributed since late August 2011. While all versions refer to a supposed Western Union money transfer, subject lines, attachment names and other details may vary. Bogus emails claiming to be from Western Union have also been repeatedly used by scammers as a means of tricking people into revealing personal and financial information. Western Union will never send you an unsolicited email that asks you to review information or supply personal details by opening an attached file or by following a link. Any such email should be treated with suspicion.

Bookmark and Share References
Western Union money transfer email disguises Trojan attack
Western Union 'Too Many Login Attempts' Phishing Scam
Western Union Unauthorized Transaction Phishing Scam
Western Union - Suspicious (Phishing) Email

Previous Article            Next Article

Issue 119 Start Menu

Pages in this month's issue:
  1. Jordon Mills Prayer Request
  2. Amy Bruce Charity Hoax Revisited
  3. 'Australian Taxation Office 'New Rules' Malware Emails
  4. Bogus Facebook Virus Warning - 'Pornographic Movies Posted On Our Behalf'
  5. Are UK Companies Required by Law To Transfer 0800 Callers to UK Based Reps If Requested?
  6. Australia Post Undelivered Package Malware Emails
  7. Hoax: Picture of Shark Swimming in Flooded Street After Hurricane Irene
  8. Circulating Health Warning: Beware of Little White and Black Caterpillars
  9. Harly A. Andrews Prayer Request
  10. UEFA EURO 2012 Email Draw Advance Fee Scam
  11. Farmville White Gift Box Virus Warning Hoax
  12. Sleazy Online Dating Emails Carry Malware
  13. 'New Antivirus Update for Windows' Scam Email
  14. Western Union 'Money Transfer' Trojan Email
  15. Bob Katter and the 'Labor Party's Worst Nightmare' Polemic
  16. Hoax - Collect Bottle Caps For Free Cancer Chemotherapy Treatment
  17. 'Your Credit Card is Blocked' Malware Emails