Happy Holidays, be extra careful!

Happy Holidays!

We hope your holiday season is going extra fine, but we at Ultra Scary need to remind people to be very careful with the emails they receive during this high-stress season.

We just got this one from a friend, asking for assistance (I have changed some of the information in the message). If we had replied to “help” our friend Susan out, we could have been scammed.

 

Greetings,
        How are you doing today? Please I need your urgent help and assistance, I will be really grateful if you would help me.

Hope to read back from you soon..

Regards

Susan L. XXXXX, MS, LMFT
SomeCompany Counseling Services'(262) 555-1911, #265

This is a transmission from SomeCompany Counseling Services, Inc. and may contain privileged and confidential patient information, If you are not the intended addressee of this transmission, then any further disclosure, copying, distribution or use of this information in any way whatsoever is strictly prohibited. If you have received this transmission in error, please destroy it and notify the sender immediately at the telephone number or address above.

 

This email came from what appeared to be Susan’s personal Yahoo email address, and the “SomeCompany” matches where Susan is employed. Calling the telephone number (which matches the area code) does reach a local business (in this case a law office), but not the company Susan works for. They even used the company’s boilerplate email footer. They did miss a few details: Susan’s middle initial is not L, and the message was sent to “Undisclosed recipients”.

The address displayed was Susan’s Yahoo account, but if you hit Reply or looked at the header information, the reply went to an Outlook.com email address (still with Susan’s name attached to it). That address does not display while reading the message.

A couple of fun points in the header:

This message was sent from the Yahoo Servers (helo=sonic301-7.consmr.mail.ne1.yahoo.com) indicating a compromised account.

The From address is different from the Reply-To address:
From: Susan XXXXX <susan@yahoo.com>
Reply-To: Susan XXXXX <susan@outlook.com>

And always a big flag: we are dealing with a Yahoo account. Assume ALL Yahoo accounts have been compromised and that any information in the account (even data in the sent items) is in a searchable database the bad guys use.

https://www.darkreading.com/attacks-breaches/yahoo-all-3-billion-accounts-affected-in-2013-breach/d/d-id/1330039
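
The From/Reply-To mismatch and the undisclosed recipient list described above can be checked automatically on a saved message. This is an added example, not part of the original post; the sample message is constructed from the header values quoted above, and the function name and flag wording are assumptions.

```python
from email import message_from_string
from email.utils import getaddresses, parseaddr

# Constructed sample using the From/Reply-To values quoted in the post.
SAMPLE = """\
From: Susan XXXXX <susan@yahoo.com>
Reply-To: Susan XXXXX <susan@outlook.com>
To: undisclosed-recipients:;
Subject: Greetings

How are you doing today? Please I need your urgent help and assistance.
"""

def domain(addr):
    """Return the lower-cased domain part of an e-mail address."""
    return addr.rpartition("@")[2].lower()

def reply_path_flags(raw):
    """Return a list of warnings about where a reply to this message would go."""
    msg = message_from_string(raw)
    flags = []
    from_name, from_addr = parseaddr(msg.get("From", ""))
    for name, addr in getaddresses(msg.get_all("Reply-To", [])):
        # A Reply-To equal to From (or empty) changes nothing for the recipient.
        if not addr or addr.lower() == from_addr.lower():
            continue
        if domain(addr) != domain(from_addr):
            flags.append(f"reply goes to {domain(addr)}, "
                         f"but the sender shown is at {domain(from_addr)}")
        # Same display name on a different mailbox hides the switch in most clients.
        if name and name.strip().lower() == from_name.strip().lower():
            flags.append("Reply-To reuses the sender's display name "
                         "on a different mailbox")
    # A bulk send with every recipient hidden has no real address in To.
    visible = [a for _, a in getaddresses(msg.get_all("To", [])) if "@" in a]
    if not visible:
        flags.append("no visible recipient (undisclosed recipients)")
    return flags

if __name__ == "__main__":
    for flag in reply_path_flags(SAMPLE):
        print("WARNING:", flag)
```
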