Scam Of The Week: This Scary New Phishing Attack is Very Hard to Detect

Heads up! The bad guys have come up with a new attack technique that’s just plain nasty. Last week, users began receiving emails from known contacts they had at another organization, or so they thought. At least one of the emails appeared to be a reply to an existing email thread, where users at the two organizations had been emailing back and forth.

Among this email thread, one of the most recent messages was noticeably short — “Morning, please see attached and confirm” — but in the context of the email chain, the message was very convincing. The email appears to come from a person at a company the receiver has been emailing with, and this message appears to be a reply to a legitimate email chain. The aim of the email was to have the user open a Word attachment that had been infected with a banking trojan called Ursnif.

The attackers are using compromised email accounts to spread this trojan like a worm. Be cautious of any emails you receive this week containing Word attachments, even if they appear to be coming from someone you know or are a reply to an existing email thread.

Always remember: “When in doubt, throw it out!”

Stop Look Think – Don’t be fooled.

Questions or comments, contact IT at