Outline Email purporting to be from Western Union claims that the recipient has "received a remittance" and should open an attached file to access more information about a supposed money transfer.
Brief Analysis
The email is not from Western Union and the attached file does not contain information about a money transfer. Instead, the attached file contains a trojan that can allow cybercriminals to take control of your computer.
Scroll down to submit comments
Last updated: 14th September 2011
First published: 14th September 2011
Article written by Brett M. Christensen About Brett Christensen and Hoax-Slayer
Example
Subject: WESTERN UNION: MONEY TRANSFER FOR YOU
NOTIFICATION!
DEAR CONSUMER , You have received a remittance, more information about the money transfer is in the attached file.
Money Order can be cashed at any branch or bank in Your city
All for You , WesternUnion Holdings Inc
TEST QUESTIONS: Test Questions may be used with some Services if the principal amount of the money transfer does not exceed USD999.99. In the U.S, and many destinations outside the U.S., a money transfer that includes a test question will be paid to the Receiver if the Receiver can provide the correct answer to the Test Question or can provide valid identification. In some Destinations Receiver may be required to provide identification, a test question answer or both to receive funds in cash. Test Questions are not an additional security feature and cannot be used to time or delay the payment of a transaction and are prohibited in certain countries. Please contact at the customer service telephone number listed below for current information regarding the availability of test question for Your selected destination
Attachment Name: WesternUnion_Inc-l5270758.zip
Payload Name WesternUnion_received_ID5633865642.doc__________________________.exe
Detailed Analysis
According to this email, which purports to be from financial services company Western Union, the recipient has "received a remittance" and should open an attached file to view details about this supposed money transfer.
However, the email is certainly not from Western Union and the attachment does not contain information about a money transfer. In fact, the attachment contains a trojan that, once installed, can give Internet criminals access to the compromised computer. Those who open the attached .zip file, will find a second file that, at first glance, may appear to be a harmless Word document (.doc) file. In an oft used ruse, the scammers have given the malicious payload a name with a double file extension with a long gap between the two extensions. They hope that unwary recipients will therefore see only the .doc extension and, because of the gap, miss the .exe extension. Of course, the real extension is .exe, denoting that it is an executable file, not a Word document.
Versions of the malware emails have been distributed since late August 2011. While all versions refer to a supposed Western Union money transfer, subject lines, attachment names and other details may vary. Bogus emails claiming to be from Western Union have also been repeatedly used by scammers as a means of tricking people into revealing personal and financial information. Western Union will never send you an unsolicited email that asks you to review information or supply personal details by opening an attached file or by following a link. Any such email should be treated with suspicion.
