Debunking email hoaxes and exposing Internet scams since 2003!

'Wire Transfer Canceled' Malware Email

Outline
Email purporting to be from the US Federal Reserve claims that a wire transfer sent from the recipient's bank account was not processed and that details about the transfer can be viewed in an attached file.


Brief Analysis
The message is not from the Federal Reserve. The attachment contains a trojan that can allow criminals to hijack the infected computer and harvest personal and financial information. If you receive one of these emails, do not open any attachments or click on any links that it contains.


Example
Subject: Your Wire Transfer 88287812 canceled

The Wire transfer , recently sent from your bank account , was not processed by the FedWire. 

Transfer details attached to the letter. 
This service is provided to you by the Federal Reserve Board. Visit us on the web at website 
To report this message as spam, offensive, or if you feel you have received this in error, please send e-mail to email address including the entire contents and subject of the message.

It will be reviewed by staff and acted upon appropriately



Detailed Analysis


This email, which appears to have been sent by the US Federal Reserve, claims that a recent wire transfer sent from the recipient's bank account has been canceled and was not processed by FedWire. According to the email, the recipient can read details about the canceled transfer by opening a payment receipt contained in an attached .zip file.

However, the email is not from the Federal Reserve and the claim that a wire transfer has been canceled is a lie. The attachment does not contain a payment receipt. Instead, the attached file harbours malware. Users who fall for the ruse and run the .exe file contained in the attached .zip will install a trojan on their computers. Once installed, the trojan can allow criminals to control the infected computer from afar. The malware may also collect personal and financial information and relay it back to the scammers.

The criminals responsible for such malware campaigns bank on the fact that at least a few recipients will open the attachment out of simple curiosity or because they believe that their bank account has been compromised. The scammers use a spoofed email address to make it seem that the email originated from the Federal Reserve.

If you receive one of these emails, do not open any attachments or click on any links that it contains.


Last updated: May 1, 2013
First published: May 1, 2013
Research: Matthew T. Christensen
By Brett M. Christensen