A spam campaign that targets recipients with personalized messages is spreading in Germany, similar to a previous scourge there earlier this year and another that spread in the U.K. in April 2016, according to a report from Symantec.
The emails are customized with recipients' personal details and claim that their payment for a large bill failed to go through and is now primed to be sent to a collection agency or law enforcement. If the target clicks through, their Windows computer is infected with malware capable of siphoning out banking information.
While the latest spam messages are written in German, the Symantec researchers detected similarities in language with email sent earlier to U.K. recipients. The recipient's full name, mailing address and telephone number were included in the message. However, while the emails to U.K. recipients involved getting targets to click on a link to a malicious site, the German version carries the payload in the email itself, in the form of a .zip attachment.
"The payload used an archaic .com file suffix reminiscent of the days of MS-DOS, but the file was clearly a modern malware executable that had been scrubbed of much of the identifying information that might point to its origins," the report explained. The sample – a family detected by Symantec as Trojan.Nymaim.B – also employed sophisticated sandbox evasion techniques so it wouldn't run on a virtual machine.
The use of personal information gathered from public websites indicates to the researchers that this type of attack is only likely to increase in the future.
Be suspicious, they advised, and call the sender to confirm the claim.
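A mail-gateway check for the delivery method described above (a .zip attachment holding a file with a .com suffix), as an added example that is not from the Symantec report. It assumes the executable begins with the standard `MZ` header; the function names and the sample message are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage


def suspicious_zip_members(raw_email: bytes):
    """Return (attachment, member, reason) for each .com file inside a .zip attachment."""
    findings = []
    msg = message_from_bytes(raw_email, policy=policy.default)
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if not info.filename.lower().endswith(".com"):
                    continue
                if info.flag_bits & 0x1:  # encrypted member: content cannot be inspected
                    reason = "encrypted-com"
                else:
                    with zf.open(info) as fh:
                        # A true DOS .com is a flat binary; "MZ" marks an EXE-format
                        # file (assumption: the payload carries this header).
                        reason = "mz-header" if fh.read(2) == b"MZ" else "com-suffix"
                findings.append((part.get_filename(), info.filename, reason))
    return findings


def build_sample(member_name: str, content: bytes) -> bytes:
    """Constructed test message: one .zip attachment holding a single member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, content)
    msg = EmailMessage()
    msg["Subject"] = "Rechnung (constructed sample)"
    msg["From"] = "billing@example.invalid"
    msg["To"] = "user@example.invalid"
    msg.set_content("constructed test body")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="rechnung.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(suspicious_zip_members(build_sample("Rechnung.com", b"MZ\x90\x00constructed")))
```

The check looks only one archive level deep; a .zip nested inside another .zip is not opened.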