Malicious spam campaign pretends to be from Sophos


Sophos is aware of a widespread malicious email campaign sent out with subject lines like this:

These emails claim to come from addresses such as:

Please note that this attack did not originate from Sophos, and there is no indication that we have been compromised in any way.

Unfortunately, the “From” address in an email is part of the email itself, just like the subject line or the message, so the email sender gets to choose whatever they want.

Cybercriminals often pick an official email address from a legitimate business that is somehow related to the subject line of their spam, or scam, or malware.

They do this in order to make their emails look more realistic at first sight.

As far as we can tell, most, if not all, of the emails in this attack included malicious attachments with names such as:

These infected ZIPs contained JavaScript files that would almost certainly try to infect you with ransomware if you were to open them.
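The two traits described above can be checked mechanically at a mail gateway or during triage. The following Python sketch is an added example, not Sophos code: it compares the domain in the sender-chosen "From" header with the domain in the Return-Path header (the envelope sender recorded at delivery), and lists script files found inside ZIP attachments. The extension list, the `.example` addresses and the sample message are constructed assumptions, and a domain mismatch is a signal to weigh rather than a verdict, since legitimate bulk mailers also produce one.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage
from email.utils import parseaddr

# Assumption: extensions treated as script files; tune to local policy.
SCRIPT_EXTS = (".js", ".jse", ".wsf", ".vbs")

def domain_of(header_value):
    """Return the lower-cased domain of the address in a header, or ''."""
    addr = parseaddr(str(header_value or ""))[1]
    return addr.rpartition("@")[2].lower()

def triage(raw: bytes) -> dict:
    msg = message_from_bytes(raw, policy=policy.default)
    from_dom = domain_of(msg["From"])        # chosen freely by the sender
    env_dom = domain_of(msg["Return-Path"])  # envelope sender, if recorded
    result = {"from_domain": from_dom, "envelope_domain": env_dom,
              "from_mismatch": bool(env_dom) and from_dom != env_dom,
              "scripts_in_zip": [], "unreadable_zips": []}
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        if not name.lower().endswith(".zip"):
            continue
        try:
            with zipfile.ZipFile(io.BytesIO(part.get_payload(decode=True))) as zf:
                for member in zf.namelist():  # names only; nothing is extracted
                    if member.lower().endswith(SCRIPT_EXTS):
                        result["scripts_in_zip"].append((name, member))
        except zipfile.BadZipFile:
            result["unreadable_zips"].append(name)  # corrupt or not really a ZIP
    return result

def build_sample() -> bytes:
    """Constructed, harmless test message; all names are placeholders."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("document.js", "// constructed placeholder, no payload")
    msg = EmailMessage()
    msg["From"] = "Billing <billing@vendor.example>"
    msg["Return-Path"] = "<bounce@unrelated.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "Constructed sample"
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="invoice.zip")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Password-protected ZIPs still expose member names in their directory listing, so the name check works on them as well.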

Here’s our advice:

If you come across suspicious emails or attachments from this or any other malware attack and would like to report them to Sophos, please see our instructions on How to submit samples to Sophos.
