Sixt Car Rental Invoice Spam

Subjects Seen

Sixt Invoice: 4784001563 from 24.03.2016

Typical e-mail details:

Dear Customer,

Sixt and the team would like to thank you for your reservation. Your credit invoice is attached to this email. Please understand that we generate the invoice in the national language of the country where the car is rented. We look forward to serving you in future with our premium fleet in over 100 countries worldwide.

We look forward to serving you again in future!

Your Sixt rent a car team

Malicious File Name and MD5:

Sixt_receipt_84268456.doc (4AF54C2A93186C9C296811F06DAD2E68)

HP Enterprise Spam

Subjects Seen

Urgent: F499512 FINANSBANK/ HPE

Typical e-mail details:

Hello,

Please fill the following form to proceed with the deal creation. The form should be filled by the sales rep.

Regards

Enid Ferrell

eCPQ Europe Operations

Phone: +44 (0) 77 5493 4421

Malicious File Name and MD5:

fillout_GOINV09760_superspam.rtf (6184BD4B36DA99A296DC682C6EB6EA2A)

Invoice Word Macro Spam

Subjects Seen

Invoice FEB-53834223

Typical e-mail details:

Good morning,

Please see the attached invoice and remit payment according to the terms listed at the bottom of the invoice.

If you have any questions please let us know.

Thank you!

Lolita Francis

Accounting Specialist

Malicious File Name and MD5:

invoice_feb-53834223.doc (efffbee2ee75190d1172c15a9a1d4efc)

PayPal Spam

Subjects Seen

Your PayPal Invoice is Ready

Typical e-mail details:

Dear PayPal Customer,

Please open the attached file to view invoice.

Your monthly account statement is available anytime; just log in to your account. To correct any errors, please contact us through our Help Centre.

Malicious File Name and MD5:

paypal_955154675414192_110515.exe (2364e385b3fe22c9381e20a72ce520e5)

Datacom Payslip Spam

Subjects Seen

Payslip for period ending 27/Oct/2015

Typical e-mail details:

Dear Customer,

Attached is your payslip for period ending 27/Oct/2015. Please note the attached payslip is password protected - the password is the same as your employee self service login password.The content of this email and its attachments are confidential. If you are not the intended recipient of this message please contact Datacom on 0800 856 856 or +64 9 366 1150.This email message has been sent from an unmanned account. Please do not reply to this address. Contact your payroll administrator for any further enquiries.

Malicious File Name and MD5:

payslip (1CE90078C006CFEE77248E8EDFD68BD2)

Western Union Business Solutions Spam

Subjects Seen

Order 49746970 Booked - Western Union Business Solutions Online FX for Corporate

Typical e-mail details:

Please be advised that Order 49746970 totaling 70,494.00 USD has been booked on Oct 23 2015.

Click on the attached file to view details of the order or to print a receipt.

This email was sent by Western Union Business Solutions. We respect your right to privacy.

Thank you for using Western Union Business Solutions.

Sincerely,

Western Union Business Solutions

Malicious File Name and MD5:

westernunion_order_receipt.exe (E4510056BB38A37EE7AE485AA6C4B36A)

Commonwealth Bank NetBank Spam

Subjects Seen

First NetBank Third Party Payment

Typical e-mail details:

First NetBank Third Party Payment

Your first transfer to the following third party account(s) has been successfully processed:

From Account:     **** **** **** 4362 MasterCard To Account(s):   Raul Murphy 574-152 ***6782 Maestro $4,326.78 Credit help Date:            01/10/2015

Please check attached file for more information about this transaction.

Yours sincerely,

Commonwealth Bank of Australia

Malicious File Name and MD5:

CBA Third Party Payment 510569701.scr (3BBC3DBE68B6AB28F2516F8F814D8005)

Optus DocuSign Spam

Subjects Seen

Completed: Optus agreement no AELT-773123

Typical e-mail details:

Carole Dean,

All parties have completed the envelope 'Optus agreement no AELT-773123'.

Please find attached the signed agreement.

Malicious File Name and MD5:

Optus agreement no CDDO-248440.scr (ADCAED61174AF9FA4C1DB3F27A767316)

Simon Property Group Spam

Subjects Seen

Invoice 6532878390 from Simon Property Group Inc for <email domain> (1234)

Typical e-mail details:

Here's invoice 6532878390 for 824.45 GBP.

The amount outstanding of 824.45 GBP is due on  29 Sep 2015.

Please make payment to the following account, using your account number or invoice number as a reference as we are NO longer accepting cheques:

Sort code: 297-606

A/C no: 285404201

If you have any questions, please let us know.

Many Thanks,

Simon Property Group Inc

Malicious File Name and MD5:

Invoice 2589657796.scr (3C83588C4136E801EF1A14020427D648)

Business Proposal Spam

Subjects Seen

Please view my new proposal of common business

Typical e-mail details:

Good day,

I've attached a new project and business proposal to this e-mail. I suppose it will interest you.

Malicious File Name and MD5:

ammunition demodifier functor.exe (113F9826DF542FC5EA30EA9EA30855F4)

Xstrata Purchase Order Spam

Subjects Seen

PurchaseOrder TSUS21_Z8BE from Xstrata by Ryan, Julianne (PROD)

Typical e-mail details:

This PurchaseOrdre is in PDF format and can be viewed with Adobe Acrobat Reader. You may ACCEPT or REJECT this uPrchaseOrder from this email by following the insturctions below. In either case, an email will be generated for you to send to the Buyer via Mincom Axis. Type in any notes or comments you wish to convey to the buyer in the email Body and send the email but do not modify any part of the email Subject.

To ACCEPT the whole PurchaesOrder, click the following link and complete your details: mailto:[email protected]?Subject=ProcessId:840388708;ProcessDocumentId:410444184;Auth:N;Response:Accepted;ResponseDocument:PurchaseOrderAcknowledgemen

To REJECT the whole PurchaserOder, click the following link and complete your details: axisV2std_draxis.mincom.com?Subject=ProcessId:840388708;ProcessDocumentId:410444184;Auth:N;Response:Rejected;ResponseDocument:PurchaseOrderAcknowledgement

You may wish to consult the Buyer before acknowlegding. Contact details for the Buyer are contained on the atatched PucrhaseOrder.

Please note that the email address [email protected] is an automated email address. Please do not mail to this address other than to acknoweldge this order as detailed above.

This tranmsission is for the intended addressee only and is confidential information. If you have received this transmissoin in error, please delete it and notify the sender. The contents of this e-mail are the opinion of the writer only and are not €ndorsed by the Mincom Group of companies unless expressly stated otherwise.

Malicious File Name and MD5:

PurchaseOrder_40062U_MI4S_222496505.scr (282D5DA28B7311D09543E442CB547598)

NSW Health Payslip Spam

Subjects Seen

Payslip for the period 21 Aug 2015 to 21 sep 2015

Typical e-mail details:

This message is intended for the addressee named and may contain confidential information. If you are not the intended recipient, please delete it and notify the sender.

Views expressed in this message are those of the individual sender, and are not necessarily the views of NSW Health or any of its entities.

Malicious File Name and MD5:

Payslip-21092015.scr (fa73a8adc4a7a1b037b8dded1eb9ac90)

Paymark Spam

Subjects Seen

Paymark TransTrack Report

Typical e-mail details:

Thank you for using the Paymark TransTrack Transaction Reporting email service.

Please find attached your requested transaction report.

The report is in PDF format, suitable for importing into a variety of finance and spreadsheet applications such as Xero, MYOB and Microsoft Excel.

The attached report is in a zip-formatted compressed file so you will need to extract it before viewing it.

If you experience any difficulties or would like more information about Paymark TransTrack please visit paymark.co.nz/info-hub/transtrack

This email was sent to <email>

This email has been filtered by SMX. For more information visit smxemail.com

Malicious File Name and MD5:

report.scr (924bbd14c8ad99d951fcaf97cfcf8480)

Better Business Bureau Spam

Subjects Seen

BBB SBQ Form #397020805(Ref#65-397020805-0-4)

Typical e-mail details:

Thank you for supporting your Better Business Bureau (BBB).

As a service to BBB Accredited Businesses, we try to ensure that the information we provide to potential customers is as accurate as possible. In order for us to provide the correct information to the public, we ask that you review the information that we have on file for your company.

We encourage you to print this SBQ Form, answer the questions and respond to us. (Adobe PDF)

Please look carefully at your telephone and fax numbers on this sheet, and let us know any and all numbers used for your business (including 800, 900, rollover, and remote call forwarding). Our automated system is driven by telephone/fax numbers, so having accurate information is critical for consumers to find information about your business easily.

Thank you again for your support, and we look forward to receiving this updated information.

Sincerely,

Accreditation Services

Malicious File Name and MD5:

BBB SBQ Form.scr (62D41F811E9D942C2A7D268CEFB876BE)

Bendigo Bank Spam

Subjects Seen

Bendigo Bank Morning Update

Typical e-mail details:

Pedro Jolly

Bendigo and Adelaide Bank

Phone:1800 061 656

Direct :03 54858394

Mobile: 0401554459

Malicious File Name and MD5:

Bendigo_Report_#40751301.scr (49534F30853C51ADBCDCB75DE47E25EB)

Dropbox Spam

Subjects Seen

Brad Waters shared "TP Resignation Letter 2.pdf" with you

Reed Contreras shared "TP Resignation Letter 2.pdf" with you

Typical e-mail details:

Brad used Dropbox to share a file with you!

Click here to view.

Malicious URLs:

newyearpartyistanbul.com/securestorage/getdocument.html

Malicious File Name and MD5:

 TP Resignation Letter 2.scr (90a60d95b2f0db6722755e535e854e82)

Bank of America Invoice Spam

Subjects Seen

Invoice Annabell Yost

Typical e-mail details:

Dear Customer,

Invoice14768170 from Annabell Yost.

Sincerely,

Ellsworth Abbott

1-100-532-7314

Bank of America PLC.

Malicious File Name and MD5:

InvoiceFaker__Number.number(5)info_324986219861.exe (276646dc44bb3a2e4bf7ba21f207b5be)