In The News‎ > ‎

Wire transfer spam emails

posted Jan 27, 2015, 8:14 AM by Craig Cox   [ updated Jan 29, 2015, 11:21 AM ]
There have been several reports this morning of spam email arriving with the promise of a $19,000 wire transfer -- all you have to do is open the attachment.  Everyone has been very good so far about recognizing the bait and reporting / deleting the email.  Here's some detail for you to keep in mind:

Wire transfers require bank account numbers.  You won't be getting any wire transfers you don't expect, out of the blue -- you have to have given a bank account number to receive the wire transfer, or you would have to have specified a Western Union (or similar) service to receive it for you. has more details.

At least some of the emails were intercepted before they reached us, and the malicious payload was removed.  The automation did not filter the scam message, just the attachment.  The payload it said it removed was the Upatre downloader, which is used to steal banking credentials.  Interestingly, most of the people who have reported this so far have been college employees who might be thought to work with college bank accounts.  Because I'd like to know just how thoroughly targeted this spam campaign was, I'm asking anyone who received an email since yesterday (January 26) that promised a large wire transfer to notify me, and let me know your job title.

Thank you all for keeping your eyes open!

Update (January 29): The spam campaign does not appear to be targeted at Delaware Tech.  Other organizations are seeing sharp spikes in these emails, as reported by Symantec.  The payloads are still dangerous, however, and the goal is to get the victim's bank login credentials.