Malicious spam campaign pretends to be from Sophos

Sophos is aware of a widespread malicious email campaign sent out with subject lines like this:

These emails claim to come from addresses such as:

Please note that this attack did not originate from Sophos, and there is no indication that we have been compromised in any way.

Unfortunately, the “From” address in an email is part of the email itself, just like the subject line or the message, so the email sender gets to choose whatever they want.

Cybercriminals often pick an official email address from a legitimate business that is somehow related to the subject line of their spam, or scam, or malware.

They do this in order to make their emails look more realistic at first sight.

As far as we can tell, most if not all of the emails in this attack included malicious attachments with names such as:

These infected ZIPs contained JavaScript files that would almost certainly try to infect you with ransomware if you were to open them.
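A mail-triage check for the two traits described above, a sender-chosen "From" address and a ZIP attachment holding a script file, could look like the following. This is an added example, not Sophos code; the addresses, file names and the `triage` and `build_sample` helpers are constructed for illustration.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs", ".hta")  # script types, chosen for this example

def domain_of(header_value):
    """Return the lowercased domain of an address header, or '' if absent."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage(raw_bytes):
    """Return a list of findings for one raw RFC 5322 message."""
    msg = message_from_bytes(raw_bytes, policy=policy.default)
    findings = []
    # Weak signal only: legitimate bulk senders often use a different envelope domain.
    from_dom, env_dom = domain_of(msg["From"]), domain_of(msg["Return-Path"])
    if from_dom and env_dom and from_dom != env_dom:
        findings.append(f"From domain {from_dom} differs from envelope sender {env_dom}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            # namelist() reads the directory only; nothing is decompressed or executed.
            for member in zf.namelist():
                if member.lower().endswith(SCRIPT_EXTS):
                    findings.append(f"{name} contains script {member}")
    return findings

def build_sample():
    """Constructed message: mismatched From, ZIP attachment holding a harmless .js file."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document_0001.js", "// constructed placeholder, no payload\n")
    msg = EmailMessage()
    msg["Return-Path"] = "<bounce@mailer.example>"
    msg["From"] = "Vendor Support <support@vendor.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename="Document_0001.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```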

Here’s our advice:

If you come across suspicious emails or attachments from this or any other malware attack and would like to report them to Sophos, please see our instructions on How to submit samples to Sophos.
