Warning! JavaScript is turned off or disabled! Some features on this website will not work.

Beware of Experian Virus Email - "IMPORTANT - A Key Change Has Been Posted"

Beware of Experian Virus Email - "IMPORTANT - A Key Change Has Been Posted"

This morning I received an e-mail message appearing as if it came from Experian. The e-mail subject is "IMPORTANT - A Key Change Has Been Posted". I have never signed up with Experian so it was strange that they would send this email message to me. After checking the email, I found out it has a malware attached to it. The malware is a Trojan Horse called Troj/Invo-Zip. This email was not sent from Experian and you should not open the attachment.

Please continue below.

The Malicious Email

Experian Email With Virus Attached-IMPORTANT - A Key Change Has Been Posted

Membership ID #561653903

A Key Change Has Been Posted to One of Your Credit Reports

A key change has been posted to one of your three national Credit Reports. Each day we monitor your Experian®, Equifax? and TransUnion? Credit Reports for key changes that may help you detect potential credit fraud or identity theft. Even if you know what caused your Report to change, you don't know how it will affect your credit, so we urge you to do the following:

View detailed report by opening the attachment.
You will be prompted to open (view) the file or save (download) it to your computer.

For best results, save the file first, then open it in a Web browser.

Contact our Customer Care Center with any additional questions.

Note: The attached file contains personal data.

Your Experian.com membership gives you the confidence you need to look after your credit. We encourage you to log-in regularly to take full advantage of the benefits your membership has to offer, such as unlimited access to your Credit Report and Score Tracker. Notifications like this are an important part of your membership, and in helping you stay on top of your credit.

*If it has been less than thirty days since you joined Experian.com, your monthly credit statement includes your information for the period of time you have been enrolled.

The name of the malicious attachment is Credit_Report_14032013.zip, but this name can change. The naming convention is Credit_Report_*.zip with * replaced with numbers.

When this compressed or zip is extracted, it contains the file malicious Credit_Report_14032013.exe. This file name can also change.

Kerio antivirus removed the attachment.

Kerio Control email scanner found a virus in the following attachment:
Name: Credit_Report_14032013.zip
Content type: application/zip
Additional information from antivirus: Sophos verdict: Troj/Invo-Zip
The attachment has been removed.

Please share with us what you know or ask a question about this article by leaving a comment below. Also, check the comment section below for additional information, if there is any.

Remember to forward suspicious, malicious, or phishing email messages to us at the following email address: info@onlinethreatalerts.com

If you want to quickly find answers to your questions, use our search engine.

Comments, Questions and Reviews
(Total: 0)

To help protect your privacy, please do not post or remove your full name, telephone number, email address, username, password, account number, credit card information or home address in your comments, questions, or reviews.

Show More of the 0 Comments, Questions or Reviews

Write Your Comment, Question or Review

Write your comment, question or review in the box below to share what you know or to get answers. Please revisit after an hour or more to view reponses or answers to you questions.

Your comment, question or review will be posted as an anonymous user because you are not signed in. Sign-in.