Sophos is aware of a widespread malicious email campaign sent out with subject lines like this:
These emails claim to come from addresses such as:
Please note that this attack did not originate from Sophos, and there is no indication that we have been compromised in any way.
Unfortunately, the “From” address in an email is part of the email itself, just like the subject line or the message, so the email sender gets to choose whatever they want.
Cybercriminals often pick an official email address from a legitimate business that is somehow related to the subject line of their spam, or scam, or malware.
They do this in order to make their emails look more realistic at first sight.
As far as we can tell, most if not all of emails in this attack included malicious attachments with names such as:
Here’s our advice:
- The “From” address in emails is trivial to forge, a trick also known as “spoofing”. Sophos did not send these emails.
- For information on how to defend against ransomware, please see: How to stay protected against ransomware.
- Stay alert to unexpected emails, even if they appear to come from a reputable source, especially if they urge you to click a link or to open an attachment.
If you come across suspicious emails or attachments from this or any other malware attack and would like to report them to Sophos, please see our instructions on How to submit samples to Sophos.