[Ipg-smz] Message has been disinfected : Fwd: Balfour Beatty

Mon Oct 21 19:32:33 UTC 2019

I get crap like this quite often. Messages like this one that say 'Dear 
Sir/Ma ' should be a sign of an obvious scam. I get stuff addressed to 
'Dearly Beloved' or 'Beloved in Christ' or other BS. I don't get the 
Irish Sweepstakes mails, but a lot of other mail - about requests for 
proposals, or unpaid invoices, or attached purchase orders, and obvious 
traps like that squeak past the BS detector in my mail client.

This morning, I got an authentic looking email from 'AOL' about a device 
trying to log in.

I'm probably stating the obvious, but I would be very surprised if we 
don't all get these usually blatantly obvious scams or phishing messages.

The 'Balfour Beatty' message shows all the signs of an obvious scam or 
attempt at infection.

(Of course, 'Message has been disinfected' may show that your antivirus 
or anti-malware was able to detect the malicious code in the message or 
its attachment, and just cleaned it up -- or, OTOH, a particularly 
crafty criminal figured that, if he or she sent a message with the 
SUBJECT including 'has been disinfected,' you may be more likely to open 
the 'disinfected' attachment.)

In any case, I'd avoid this.

On 10/21/2019 12:15 PM, Evan Schuman via Ipg-smz wrote:
>
> Not sure, but something about what you sent freaked out my AV 
> software. The subject line was changed for me to “Message has been 
> disinfected.”
>
> _______
>
> Evan Schuman
>
> eschuman at thecontentfirm.com <mailto:eschuman at thecontentfirm.com>
>
> 973-993-8098 <tel:973-993-8098> (voice)
>
> Computerworld weekly columnist (Column archive: 
> http://www.thecontentfirm.com/weekly-column-on-computerworld)
>
> Moderator for MIT Sloan Management Review events
>
> Google Search: http://lmgtfy.com/?q=Evan+Schuman# 
> <http://lmgtfy.com/?q=Evan+Schuman>
>
> https://twitter.com/eschuman
>
> www.linkedin.com/in/schumanevan/ <http://www.linkedin.com/in/schumanevan/>
>
> /Member, Internet Press Guild: http://netpress.org//
>
> *From:*Ipg-smz <ipg-smz-bounces at netpress.org> *On Behalf Of *Dennisf63 
> via Ipg-smz
> *Sent:* Monday, October 21, 2019 3:03 PM
> *To:* ipg-smz at netpress.org
> *Cc:* Dennisf63 <dennisf63 at wildblue.net>
> *Subject:* Message has been disinfected :[Ipg-smz] Fwd: Balfour Beatty
>
> Okay, this is a new one. The attachment, which I downloaded and saved 
> and I carefully do NOT include here, is labeled Notice.iso with that 
> cute cd as an icon.
>
> Why am I suspicious?. I've never heard of these people, and I don't 
> think I've used any propane in 20 years (all electric house), and I 
> just have the feeling that the attachment, should I attempt to open it 
> (I won't), might be toxic.
>
> Any thoughts, experience with this type of bait?
>
>
>
> -------- Forwarded Message --------
>
> *Subject: *
>
> 	
>
> Balfour Beatty
>
> *Date: *
>
> 	
>
> Mon, 21 Oct 2019 11:05:17 -0700
>
> *From: *
>
> 	
>
> curtis at gulfcoastpropane.com <mailto:curtis at gulfcoastpropane.com> 
> <curtis at gulfcoastpropane.com> <mailto:curtis at gulfcoastpropane.com>
>
> Good Day Sir/Ma ,
> Our records indicate that you have an outstanding balance with a due date of 10/25/2019. We have yet to receive this payment. Please find a copy of the invoice enclosed.
> If this amount has already been paid and sent, please disregard this notice and we apologize for any inconvenience. Otherwise, please forward us the amount stated above that is past due by [10/28/2019. As our written agreement states, we will start charging a 5% interest charge for any outstanding balance greater than 30 days.
> Thank you for your cooperation regarding this matter. We sincerely hope we can continue doing business together in the future.
> Sincerely,
> MESSE MЬNCHEN GMBH
> Messegelдnde
> 81823 Mьnchen
> Tel.: +49 89 949-20720
> Fax: +49 89 949-20729
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://netpress.org/pipermail/ipg-smz_netpress.org/attachments/20191021/301d13a2/attachment.html>