You Have Received a Secure Message – Email Scam



Story: 

From: xxxxx
To: xxxxx
Subject: You have received a secure message

You have received a secure message

Read your secure message by opening the attachment, securedoc.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it in a Web browser. To access from a mobile device, forward this message to mobile[@]res.cisco.com to receive a mobile login URL.

If you have concerns about the validity of this message, please contact the sender directly. For questions about Key’s e-mail encryption service, please contact technical support at 888.764.7941.

First time users – will need to register after opening the attachment.
Help – https://mailsafe.keybank[dot]com/websafe/help?topic=RegEnvelope
About IronPort Encryption – https://mailsafe.keybank[dot]com/websafe/about

Attachment securedoc.html

Other Versions

You have received a secure message from Bank Of America
Read your secure message by opening the attachment, securedoc.html. You will be prompted to open (view) the file or save (download) it to your computer. For best results, save the file first, then open it.

If you have concerns about the validity of this message, please contact the sender directly.

First time users – will need to register after opening the attachment.
Help – https://securemail.bankofamerica[dot]com/websafe/help?topic=Envelope  


Analysis:

These emails circulate in many variants, each using the brand name of a reputable financial company. They claim that the user has received a secure message from the company as an attachment, and that the file must be downloaded and saved in order to access the information. Although the messages try to look authentic by including official website links and support details, they are not genuine. They are scam emails intended to mislead the user into downloading malicious software.

About the Scam

Users who fell for these scam emails downloaded the attached .zip file and, when they unzipped it, were presented with a .exe file named “SecureMessage.exe” or something similar. When they opened this .exe file, they unknowingly installed a version of the W32.Changeup malware on their computers. Changeup malware of this type can contact a remote server and download and install more malware. Security firms have also warned users that cyber criminals have launched a new spam campaign to spread this new variant of Changeup. The emails mainly used the names of reputed financial institutions such as Bank of America and Australia’s Commonwealth Bank, while others claimed to come from Cisco.

How to Avoid

To avoid becoming victims of such malicious attacks, users must avoid opening unknown attachments or clicking unidentified links that arrive in suspicious emails. Users should also keep an antivirus solution running in the background to protect them from known cyber threats.
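The delivery chain described above (a .zip attachment that unpacks to an executable such as “SecureMessage.exe”) can also be caught at the mail gateway before a user sees it. The following is an added example, not part of the original article: a Python check that opens each attachment and flags ZIP archives containing an executable. The sample message, the file name securedoc.zip and the extensions other than .exe are constructed assumptions.

```python
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# ".exe" comes from the page; the other extensions are an added assumption.
EXECUTABLE_EXTS = (".exe", ".scr", ".pif", ".com")
LURE_SUBJECT = "you have received a secure message"


def zip_executables(data: bytes) -> list:
    """Names of executable members inside a ZIP payload ([] if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(EXECUTABLE_EXTS)]
    except zipfile.BadZipFile:
        return []


def inspect_message(raw: bytes) -> dict:
    """Flag the lure subject and any ZIP attachment carrying an executable."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        # Judge by content: the declared name and MIME type are sender-controlled.
        findings += [f"{name} -> {m}" for m in zip_executables(payload)]
    subject = str(msg["Subject"] or "").strip().lower()
    return {"lure_subject": subject == LURE_SUBJECT,
            "executables": findings,
            "quarantine": bool(findings)}


def build_sample(with_exe: bool) -> bytes:
    """Constructed test message; the 'executable' is harmless placeholder bytes."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        member = "SecureMessage.exe" if with_exe else "statement.txt"
        zf.writestr(member, b"placeholder, not a real program")
    msg = EmailMessage()
    msg["Subject"] = "You have received a secure message"
    msg.set_content("Read your secure message by opening the attachment.")
    msg.add_attachment(buf.getvalue(), maintype="application",
                       subtype="zip", filename="securedoc.zip")
    return msg.as_bytes()


if __name__ == "__main__":
    print(inspect_message(build_sample(with_exe=True)))
```

The quarantine decision rests on the archive contents alone; the subject match is reported separately because the page notes the wording varies between versions.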

If You are a Victim

If you think you have become a victim of this W32.Changeup malware after downloading the attachment, you are advised to run a full system scan using an antivirus solution that is capable of detecting the threat. There are plenty of such antivirus vendors to choose from. You can read about them in the second link of the reference section.

Hoax or Fact:

Hoax, and a Scam.

References:

Changeup Malware Alert: You Have Received a Secure Message
Spam Contributing to Increase of W32.Changeup Infections


Prashanth Damarla
Debunker
