Examples of e-mails with malware
More information about dangerous e-mails can be found here.
Application for a price offer - version 2024
2024-07-22
The attachment contains malware. Opening it would cause the computer to become infected.
These emails are not sent from the university network and therefore we cannot prevent them from being sent!
E-mail:
Application for a price offer
2022-08-12
The attachment contains malware. Opening it would cause the computer to become infected.
These emails are not sent from the university network and therefore we cannot prevent them from being sent!
E-mail:
Application for a price offer (Univerzita Karlova)
2022-02-24
The attachment contains malware. Opening it would cause the computer to become infected.
Suspicious:
- content
- Czech language, but machine-translated
These emails are not sent from the university network and therefore we cannot prevent them from being sent!
E-mail:
Fake sender name and e-mail
2022-01-13
The email includes a link to download a malware file. To make it look credible, the name of a real university employee appears in the header of the email.
The email, however, was not sent from his account! That is how you can tell it is a fraud.
But scammers count on the recipient knowing that Outlook shows only the sender’s name and hides the address, and that a recipient in doubt will look at the address.
So they use a trick: they put the employee’s email address in the “name” header in addition to the name. The goal is to make the recipient think that Outlook has shown the email address, so that he or she does no more research.
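The check a mail filter or analyst can make against this trick, as an added example (not code from this page or from the university): parse the From: header and flag any address inside the display name that differs from the real sender address. The sample headers, names and the .example domains are constructed for illustration.

```python
import re
from email import message_from_string, policy

# Loose pattern: enough to spot an address-like token inside a display name.
ADDR_RE = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")

def display_name_mismatches(raw_message):
    """Return (display_name, claimed_address, real_address) for every From:
    mailbox whose display name shows an address other than the real one."""
    # policy.default decodes RFC 2047 encoded display names for us.
    msg = message_from_string(raw_message, policy=policy.default)
    from_header = msg["From"]
    findings = []
    if from_header is None:
        return findings
    for mailbox in from_header.addresses:
        real = mailbox.addr_spec.lower()
        for claimed in ADDR_RE.findall(mailbox.display_name or ""):
            if claimed.lower() != real:
                findings.append((mailbox.display_name, claimed.lower(), real))
    return findings

# Constructed samples: the employee name and all addresses are invented.
SPOOFED = (
    'From: "Jan Novak <jan.novak@university.example>" <x91@freemail.example>\n'
    "Subject: Documents\n\nPlease download the file.\n"
)
SPOOFED_ENCODED = (
    "From: =?utf-8?q?Jan_Nov=C3=A1k_jan.novak=40university.example?= "
    "<x91@freemail.example>\n"
    "Subject: Documents\n\nPlease download the file.\n"
)
LEGIT = (
    'From: "Jan.Novak@university.example" <jan.novak@university.example>\n'
    "Subject: Minutes\n\nSee attached.\n"
)

if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("encoded", SPOOFED_ENCODED),
                       ("legit", LEGIT)):
        hits = display_name_mismatches(raw)
        for name, claimed, real in hits:
            print(f"{label}: name shows {claimed}, actually sent from {real}")
        if not hits:
            print(f"{label}: display name and sender address agree")
```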
E-mail:
False response to actually sent email
2021-09-28
The email contains a link to download a malware file, and the text urges you to download and open the file.
The trick is that it quotes an email that you actually sent, so it looks like a normal reply.
Where did the attacker get the original of your email? He managed to get into the recipient’s email account.
Suspicious things:
- “answer” has little to do with the original letter
- it’s a reply to a very old letter (probably)
- it is a reply to an email sent to a larger number of recipients
- you probably don’t know the sender’s name or his email address
The attacker is probably trying to hide where he got the original email, and therefore changes both the sender’s name and email address. In all cases where we were able to determine its source, the account was on freemail, not on the university network.
E-mail:
Application for a price offer (Charles University)
2021-03-26
The attachment contains malware. Opening it would cause the computer to become infected.
Suspicious:
- “Reply-To:” in mail header
- content
- Czech language, but machine-translated
E-mail:
Unpaid Invoice Reminder
2020-09-08
The attachment is password protected. Opening it and entering the password would infect the computer with a virus.
Suspicious:
- a password is necessary to open the attachment, but the password is in the text of the mail. The only reason for this is to make it impossible for antivirus software to check the attachment
- “Reply-To:” in mail header
E-mail:
Transfer fee
2020-04-14
The attachment is compressed. Unpacking and opening it would infect the computer with a virus.
Suspicious:
- bad Czech language
- attachment with .7z suffix (camouflage)
- the owner of the domain rubidea.cz (in the From: address) is not a carrier company
E-mail: