The fake email message below with the subject: "NatWest Statement," has a link to a malicious website hosting malware. The fake message was designed to trick the recipients into clicking on the link within it, by claiming that they can view their September 2014 online financial activities.
The Fake and Malicious Email Message
From: NatWest.co.uk [noreply @natwest.com]
Subject: NatWest Statement
View Your September 2014 Online Financial Activity Statement
Keep track of your account with your latest Online Financial Activity Statement from NatWest Bank. It’s available for you to view at this secure site. Just click to select how you would like to view your statement:
View/Download as a PDF
View all EStatements
So check out your statement right away, or at your earliest convenience.
Thank you for managing your account online.
Sincerely,
NatWest Bank
Please do not respond to this e-mail. If you have any questions about this inquiry message or your NatWest Bank
® Merchant account, please speak to a Customer Service representative at 1-800-374-2639
If the recipients click on the malicious link in the email message, they will be taken to the malicious website: http://.www.teli.us. The malicious website has a Zip or compressed file located at:
called: "Invoice102740 _448129486142_pdf.zip" that contains the virus or Trojan horse file listed below that will infect their computers if it is open.
- Invoice102740_448129486142_pdf.exe
Note: the cyber-criminals behind this malicious email message may change the name of the file and website.
The victim may also be taken to the compromised website: www.hallerindia.com.
We found the following threats after scanning the malicious file: Invoice102740_448129486142_pdf.exe
- Downloader.Generic14.BAX
- Win32.Malware!Drop
- Trojan.GenericKD.1871130
- Trojan[Downloader]/Win32.Upatre
- TR/Dldr.Upatre.bao
- Trojan.Win32.Upatre.apuI
- Trojan.GenericKD.1871130
- W32/Trojan.RUYZ-4978
- Trojan.Upatre.46
- Win32/TrojanDownloader.Waski.A
Now, if you have already clicked on the link in the malicious email message, downloaded and opened the malicious file, please do a full scan of your computer with the antivirus software installed on it.
Because, once your computer has become infected with the malicious Trojan horse, the cybercriminals behind this email message will be able to access and take control of your computer remotely from anywhere around the world. They may spy on you, use your computer to commit cybercrimes, or steal your personal and financial information.
If you don’t have antivirus software installed on your computer, please click here for a list of free antivirus software.
For a list of other malicious email messages, please click here.