'Wire Transfer Canceled' Malware Email
Email purporting to be from the US Federal Reserve claims that a wire transfer sent from the recipient's bank account was not processed and that details about the transfer can be viewed in an attached file.
© Depositphotos.com/Aleksandar Stojanov
The message is not from the Federal Reserve. The attachment contains a trojan that can allow criminals to hijack the infected computer and harvest personal and financial information. If you receive one of these emails, do not open any attachments or click on any links that it contains.
Subject: Your Wire Transfer 88287812 canceled
The Wire transfer , recently sent from your bank account , was not processed by the FedWire.
Transfer details attached to the letter.
This service is provided to you by the Federal Reserve Board. Visit us on the web at website
To report this message as spam, offensive, or if you feel you have received this in error, please send e-mail to email address including the entire contents and subject of the message.
It will be reviewed by staff and acted upon appropriately
This email, which appears to have been sent by the US Federal Reserve, claims that a recent wire transfer sent from the recipient's bank account has been canceled and was not processed by FedWire. According to the email, the recipient can read details about the canceled transfer by opening a payment receipt contained in an attached .zip file.
However, the email is not from the Federal Reserve and the claim that a wire transfer has been canceled is a lie.
The attachment does not contain a payment receipt. Instead the attached file harbours malware
. Users who fall for the ruse and run the .exe file contained in the attached .zip will install a trojan on their computers. Once installed, the trojan can allow criminals to control the infected computer from afar. The malware may also collect personal and financial information and relay it back to the scammers.
The criminals responsible for such malware campaigns bank on the fact that
at least a few recipients will open the attachment out of simple curiosity or because they believe that their bank account has been compromised. The scammers use a spoofed email address to make it seem that the email originated from the Federal Reserve.
If you receive one of these emails, do not open any attachments or click on any links that it contains.
Last updated: May 1, 2013
First published: May 1, 2013
Research: Matthew T. Christensen
By Brett M. Christensen