Hackers are using fake customer complaint emails to hook organizations in their attacks.
Recently fake emails are being received by various organizations with the disguise of customer complaint mails. This emails are phishing campaigns used by hackers to drop malware backdoor in the recipient’s system. These emails utilize subjects like “Re: customer complaint in [insert company name]” or “Re: customer complaint for [recipient name]”.
Emails state that the recipient’s employer has received a customer complaint about them and this can lead to the employee being fined and have the amount deducted from their salary. The email contains a link to download customer complaint copy, and this link redirects to a google docs page which contains the download option.
When a user clicks on the “Expand and Preview” link, a file named Prevew.PDF.exe will be downloaded. This executable is a new backdoor being named ‘bazaloader’ based on the domain used by its command and control server.
There are several reports of phishing scams being circulated through similar malicious emails. The attachments are generally malicious and are mostly backdoor for malware, Such malicious campaigns can be used to expand and launch various cyber attacks once the victim falls in their trap.
NPAV recommends to stop downloading attachments from untrusted sources as they can be malicious. Always keep an eye on the extension of the files being downloaded as they can then be differentiated and categorized as safe or unsafe.
Use NPAV and join us on a mission to secure the cyber world.