Thursday 21 September 2017

Vodafone customers warned to be aware of 'malicious email' containing computer virus

Vodafone
Vodafone
Louise Kelly

Louise Kelly

Vodafone customers have been warned to be aware of an email scam that purports to be from the mobile phone company.

In a blog post from Eset Ireland, the widely circulated "malicious email" which contains a computer virus has been highlighted.

The security solutions firm has found that a bill, using the Vodafone letterhead, is being sent to a number of computer users, which include both Vodafone and non-Vodafone customers.

By clicking on the 'Click here to view your bill' link, a JPG file downloads a ZIP file called 'Vodafone bill.zip'.

"Because most Windows users have file extensions turned off by default, many fail to spot this is a JavaScript file, one of the very common vectors for the cybercriminals to deliver their malicious payloads," the Eset blog post advises.

"The code is heavily obfuscated, but once activated, it proceeds to download the Nemucod trojan, which is used for further downloading all kinds of malware, ranging from ransomware to backdoors and banking trojans."

ESET Ireland' Urban Schrott and Ciaran McHale, the authors of the post, also add that users should turn off 'Hide extensions for known file types' in their Windows File Explorer Options.

The blog maintains that Ireland has been one of the countries worst affected by Nemucod in the past, having a 50.42pc detection rate in Ireland, while the world average was 15.82pc.

Vodafone Ireland told independent.ie that this malware, while using the alias of Vodafone brand as leverage to deceive unsuspecting customers, is not specifically effecting Vodafone customers. 

"This is not a result of any breach or loss of Vodafone customer information – you’ll find that there are non-Vodafone customers receiving identical emails," read a spokesperson for the firm.

Vodafone also provided some useful tips for consumers on how to spot a fake emails:

Poor spelling/grammar

Scammers often make simple spelling or grammar mistakes, even mixing up first names/surnames.

Non-personal address

The scammer probably doesn’t know you by name, so they might address you as ‘Dear Sir/Madam’.

Email address

Always check email addresses for a spelling mistake. If you get an unexpected email from a company or person you know, double check with them before sharing any information or making any payments.

The URL/web address of any links

Check that it isn’t unusually long and doesn’t include special characters or letters substituted by numbers. If in doubt, go directly to the company website through your browser.

Requests to act fast

Scammers will often urge you to take action immediately; ‘otherwise your account will be suspended’ or something similar. This can be subtle – like an overdue bill or expired account information.

Unexpected email

Try to think if there’s a good reason for this business contacting you. Or are they, for example, telling you that you’ve won a prize for a competition you didn’t enter?

If still unsure of validity customers have been advised to contact Vodafone Customer Care to confirm if the communication is legitimate.

Online Editors

Also in Business