Go to top of page

Multifaceted email ransomware campaign currently underway

Priority Level: 
High
7 September 2017

The first method uses a fake email that claims to be from eBay, with a common subject line ‘Your invoice for eBay purchases (098871971234567#)’. The ‘click’ link leads to a web page designed to download ransomware onto your computer. The invoice number changes for each email.

The fake email looks extremely convincing and is almost identical to a genuine eBay email.

ebay invoice scam screenshot

The second method is a short simple email with the subject line “Voice Message from 017234512978 - name unavailable”. The email message says “Click to listen Voice Message”. The phone number changes for each email.

When you press ‘click’ to listen to the message, you will be directed to a web page designed to download ransomware onto your computer.

What to do if you receive an email

If you receive fake emails like these, delete them immediately.

What to do if you’ve paid the ransom

If you’ve given your credit card or account details to pay the ransom, contact your financial institution immediately. 

What to do if you’ve been infected

  • Never pay the ransom. There is no guarantee that paying the ransom will fix your computer, and it could make you vulnerable to further attacks.
  • Restore your files from a back-up copy. Always have a recovery system in place so a ransomware infection can’t destroy your personal data forever.
  • Report the incident to ACORN.

What is ransomware?

Ransomware is a type of malicious software (malware) that makes your computer or its files unusable unless you pay a fee.

More information

To find out how to protect yourself from ransomware, and what to do if you’ve paid the ransom, go to Stay Smart Online.