
Malware Email, Subject = 'NEW ORDER' with an attachment, claiming 'We wish to inquire and purchase the attached product list; Please review the product list attached'


Have you received an email with an attachment from an unknown source?
Subject "NEW ORDER" from "Purchasing Department",
claiming "We wish to inquire and purchase the attached product list; Please review the product list attached"

Did you receive an email with the subject "NEW ORDER" from "Purchasing Department", claiming "We wish to inquire and purchase the attached product list; Please review the product list attached"? Was there an attachment? Did you open the attachment? Let's hope not!

Don't fall for it. It is a scam and if you open the attachment, it will infect your computer, tablet or phone and allow the scammer to capture your passwords! Attachments from malicious emails can serve as a means to load information-stealing malware such as Loki, other malware like Ursnif, and even ransomware onto your PC, phone or tablet. Attachments typically include malware to infect your computer, tablet or phone and allow the scammer to take control of your device, using it to send out scam and spam emails, or steal your passwords and bank information.

Beyond the problems from the attachment, if you call them back or follow their instructions you will lose money and possibly your identity! The people behind this are the worst kind of human scum; willing to do anything to scare, threaten, lie, cheat and steal money from anyone, including the elderly and poor. They usually operate out of Nigeria, China, Russia and even some developed western countries.

Norton, the anti-virus company, defines this sort of attachment as "malware", saying on their website:

"Malware is a category of malicious code that includes viruses, worms, and Trojan horses. Destructive malware will utilize popular communication tools to spread, including worms sent through email and instant messages, Trojan horses dropped from web sites, and virus-infected files downloaded from peer-to-peer connections. Malware will also seek to exploit existing vulnerabilities on systems making their entry quiet and easy."

Opening the attached file can install a virus or Trojan on the user's computer. Once installed, a virus can destroy your files, replicate itself, spam your friends and more. A Trojan can send your confidential, personal information to malicious servers and may download other malware.

The scammers rely on the fact that many recipients may open the attachment out of simple curiosity or concern. You should always be very cautious of any unsolicited emails that claim that a package delivery has failed or been returned. No legitimate delivery company will send notice of a failed delivery via an unsolicited email. Especially not with an attachment.

Sample Scam Email With a Malware Attachment:

Do NOT open any attachments!

In this case the attached file had the .CAB extension, which can easily contain executable files like viruses and malware, trojans, etc. See farther down the page for an explanation.


  1. Report received, May 18, 2013:

    -----Original Message-----
    From: Purchasing Department [mailto:vicxu@safe-pacific.com]
    Sent: Wednesday, March 24, 2021 8:22 AM
    To:
    Subject: NEW ORDER

    Good day ;

    We wish to inquire and purchase the attached product list
    Please review the product list attached and kindly quote your

    *Best available price
    *Terms of payment
    *Mode of product packaging
    *Production duration

    Salvador R. Purificacion

    Purchasing Department
    Head Office / Marine Division
    Hadi H. safe-pacific Group
    Prince Naif St., PO Box 3
    Rahima 31941 K.S.A.
    Tel: +966 013 667 0503 / 667 2944 Ext. 120
    Fax: +966 013 667 2359
    email: vicxu@safe-pacific.com

Information About NEW ORDER from Purchasing Department, claiming We wish to inquire and purchase the attached product list; Please review the product list attached

There are several websites that focus on reports of scam Emails.

The links below go to pages on these other websites where you can read reports about the scams associated with this email (NEW ORDER from Purchasing Department, claiming We wish to inquire and purchase the attached product list; Please review the product list attached):

 

Recommendations- What to do:

Do not open the attachment. Delete the email.

And please let us know about any suspicious calls or emails you receive.  We look for patterns so that we can alert the authorities and victims to new scams, before it is too late!

  • Only open email or IM attachments that come from a trusted source and that are expected
  • Use an anti-virus/anti-spam package (we recommend Norton 360 or Norton Internet Security) to scan all attachments prior to opening.
  • Delete the messages without opening any attachments
  • Do not click on links in emails that come from people you do not know and trust, even if it looks like it comes from a company you know.
  • Keep your anti-virus software up to date
  • Keep your operating system up to date with current security patches.
  • Be careful with sharing email addresses.
  • Don't share your contact details on public web forums, social media, and other channels.
  • Keep up with the latest malware and spam threats. Knowing what scammers are up to and their malicious emails can help avoid even those that use the most convincing social engineering techniques.

Attachments - what are CAB files

 A CAB is a compressed archive file format (like a ZIP file) that is usually used for various drivers, system files, and other Windows components installations.
In this email malware, the CAB file contains a binary file, which is a .NET compiled dropper that eventually executes "Loki". The .NET dropper makes use of several layers of encrypted .NET modules that are then invoked.

The scam email delivers the info stealer Loki through an attached Windows Cabinet (CAB) file. The email that bears the malicious file poses as a quotation request to trick the user into executing the binary file inside the CAB file.
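For mail administrators, the check below is an added example (not code from this page or from any vendor it mentions): it detects a CAB attachment by its `MSCF` signature rather than its file name, then reads the cabinet's file directory, without unpacking anything, to flag executable members. The sample message, its sender address and the member name are constructed for illustration, and `RISKY_EXT` is an assumed, non-exhaustive list.

```python
import struct
from email import message_from_bytes, policy
from email.message import EmailMessage

RISKY_EXT = (".exe", ".scr", ".dll", ".com", ".bat", ".js", ".vbs")  # assumed list

def cab_member_names(data):
    """Return file names listed in a CAB directory, or None if not a CAB."""
    if len(data) < 36 or data[:4] != b"MSCF":
        return None
    coff_files, = struct.unpack_from("<I", data, 16)  # offset of first CFFILE
    c_files, = struct.unpack_from("<H", data, 28)     # number of CFFILE entries
    names, pos = [], coff_files
    for _ in range(c_files):
        pos += 16                       # skip the fixed CFFILE fields
        end = data.find(b"\0", pos)     # name is NUL-terminated
        if end < 0:
            break                       # truncated or malformed directory
        names.append(data[pos:end].decode("utf-8", "replace"))
        pos = end + 1
    return names

def triage(raw_email):
    """Return (attachment, member) pairs where a CAB holds a risky file."""
    msg = message_from_bytes(raw_email, policy=policy.default)
    hits = []
    for part in msg.iter_attachments():
        blob = part.get_payload(decode=True) or b""
        for name in cab_member_names(blob) or []:
            if name.lower().endswith(RISKY_EXT):
                hits.append((part.get_filename(), name))
    return hits

def build_sample():  # constructed message: CAB directory only, no payload data
    name = b"Product List.exe\0"
    header = struct.pack("<4sIIIIIBBHHHHH", b"MSCF", 0, 60 + len(name),
                         0, 44, 0, 3, 1, 1, 1, 0, 0, 0)
    folder = struct.pack("<IHH", 60 + len(name), 0, 0)
    cffile = struct.pack("<IIHHHH", 0, 0, 0, 0, 0, 0x20) + name
    msg = EmailMessage()
    msg["Subject"] = "NEW ORDER"
    msg["From"] = "Purchasing Department <sender@example.invalid>"
    msg.set_content("Please review the product list attached")
    msg.add_attachment(header + folder + cffile, maintype="application",
                       subtype="octet-stream", filename="Product List.cab")
    return msg.as_bytes()

if __name__ == "__main__":
    print(triage(build_sample()))
```

Because the check keys on the signature bytes, a cabinet renamed to another extension is still recognised.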

Trend Micro Security - AntiVirus tells us about Loki:

Loki is an info-stealer malware that was first detected in February 2016. This malware first targeted Android systems and its capabilities include stealing credentials, disabling notifications, intercepting communications and data exfiltration.

Loki also exhibited ransomware behavior in October 2017 and was sold on underground hacking forums. From August 2018 up to the present, Loki has targeted corporate mailboxes via phishing and spam emails. The phishing emails include a file attachment with .iso extension which downloads and executes the Trojan malware that steals passwords from browsers, mail, File Transfer Protocol (FTP) clients, messaging applications and cryptocurrency wallets.

Definitions: What are viruses, trojans, worms and more?

 Malware is a category of malicious software code that includes viruses, worms, bots, backdoors and Trojan horses. Malware uses popular communication tools to spread, including viruses and worms that are sent through email and instant messages, Trojan horses in email attachments or received when you visit a corrupted website, and virus-infected files downloaded from file sharing P2P connections. This can be confusing, so here is a simple breakdown. See this article from CISCO for a more detailed description.

Viruses

A computer virus propagates itself by inserting a copy of itself onto your computer. Viruses can range in severity from causing mildly annoying effects to damaging data files or software. Almost all viruses are attached to an executable file, which means the virus may be on your computer or in an email, but will not be active or able to spread until you run it, click on it, or open the file or attachment.

Worms

Computer worms are similar to viruses in that they reproduce copies of themselves and can cause similar damage. But worms are standalone software and do not require the user to open an attachment (although they can) - often they take advantage of weaknesses in operating systems to spread from computer to computer throughout a network (home or company).

Trojans

A Trojan is named after the wooden horse the Greeks used to enter Troy. It is a harmful file that looks legitimate, such as "Attached is your invoice. Click here to open it.". Users are typically tricked into loading and executing it on their systems. After it is activated, it can achieve any number of attacks on the host, from irritating the user (popping up windows or changing desktops) to damaging the host (deleting files, stealing data, or activating and spreading other malware, such as viruses). Trojans are also known to create back doors to give malicious users access to the system.

Bots

"Bot" comes from the word "robot" and is an automated process that interacts with other network services. A typical good use of bots is to gather information (such as web crawlers), or interact automatically with instant messaging (IM), Internet Relay Chat (IRC), or other web interfaces. They may also be used to interact dynamically with websites. Bots can be used for either good or malicious intent. A malicious bot is self-propagating malware designed to infect a host and connect back to a central server that may control an entire network of compromised devices, or "botnet." Bots can include the ability to log keystrokes, gather passwords, capture and analyze packets, gather financial information, launch DoS attacks, relay spam, and open back doors on the infected host.

Backdoor

A back door is an undocumented way of getting into a computer system, bypassing the normal security logon mechanisms. Some back doors are placed in the software by the original programmer and others are placed on systems through a system compromise, such as a virus or worm. Usually, attackers use back doors for easier and continued access to a system after it has been compromised. This is common when software makes your computer a "zombie".

For a comprehensive list of national and international agencies to report scams, see this page.