Your grandmother’s phish

It’s been a while since something this blatant came down the wire:

Sorry for the delays towards making the payment, Please see attachment for proof of payment by verifying your email and password through the attached outlook duc transfer page to access the POP. Kindly confirm payment. Thanks CFO Sharon Williams

The “transfer page,” cleverly named “Wire Receipt.htm,” is some Base64-encoded garbage that I am not about to look at.

Weird aspects of this mailing:

  • Sender is identified as “Sharon Smith,” not “Williams,” though the email address given is sharonw at
  • This line appears in the header:
    X-Source-Args: /usr/bin/php /home/tcfofcha/public_html/mc.php

Is it possible that these folks have been hijacked?

1 comment

  1. fillyjonk »

    7 March 2015 · 7:46 am

    Web of Trust throws up a warning that the site is on a “third party blacklist” for phishing. So, yeah. (I think Karma has another group of hackers to go after when she finally gets her butt-kicking boots on.)

RSS feed for comments on this post