Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share







Western Union 'Money Transfer' Trojan Email

Outline
Email purporting to be from Western Union claims that the recipient has "received a remittance" and should open an attached file to access more information about a supposed money transfer.



Brief Analysis
The email is not from Western Union and the attached file does not contain information about a money transfer. Instead, the attached file contains a trojan that can allow cybercriminals to take control of your computer.

Bookmark and Share
Detailed analysis and references below example.



Scroll down to submit comments
Last updated: 14th September 2011
First published: 14th September 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer


Example
Subject: WESTERN UNION: MONEY TRANSFER FOR YOU

NOTIFICATION!

DEAR CONSUMER , You have received a remittance, more information about the money transfer is in the attached file.

Money Order can be cashed at any branch or bank in Your city

All for You , WesternUnion Holdings Inc

TEST QUESTIONS: Test Questions may be used with some Services if the principal amount of the money transfer does not exceed USD999.99. In the U.S, and many destinations outside the U.S., a money transfer that includes a test question will be paid to the Receiver if the Receiver can provide the correct answer to the Test Question or can provide valid identification. In some Destinations Receiver may be required to provide identification, a test question answer or both to receive funds in cash. Test Questions are not an additional security feature and cannot be used to time or delay the payment of a transaction and are prohibited in certain countries. Please contact at the customer service telephone number listed below for current information regarding the availability of test question for Your selected destination

Attachment Name: WesternUnion_Inc-l5270758.zip
Payload Name WesternUnion_received_ID5633865642.doc__________________________.exe




Detailed Analysis
According to this email, which purports to be from financial services company Western Union, the recipient has "received a remittance" and should open an attached file to view details about this supposed money transfer.

However, the email is certainly not from Western Union and the attachment does not contain information about a money transfer. In fact, the attachment contains a trojan that, once installed, can give Internet criminals access to the compromised computer. Those who open the attached .zip file, will find a second file that, at first glance, may appear to be a harmless Word document (.doc) file. In an oft used ruse, the scammers have given the malicious payload a name with a double file extension with a long gap between the two extensions. They hope that unwary recipients will therefore see only the .doc extension and, because of the gap, miss the .exe extension. Of course, the real extension is .exe, denoting that it is an executable file, not a Word document.

Versions of the malware emails have been distributed since late August 2011. While all versions refer to a supposed Western Union money transfer, subject lines, attachment names and other details may vary. Bogus emails claiming to be from Western Union have also been repeatedly used by scammers as a means of tricking people into revealing personal and financial information. Western Union will never send you an unsolicited email that asks you to review information or supply personal details by opening an attached file or by following a link. Any such email should be treated with suspicion.

Bookmark and Share References
Western Union money transfer email disguises Trojan attack
Western Union 'Too Many Login Attempts' Phishing Scam
Western Union Unauthorized Transaction Phishing Scam
Western Union - Suspicious (Phishing) Email



Last updated: 14th September 2011
First published: 14th September 2011
Article written by Brett M. Christensen
About Brett Christensen and Hoax-Slayer