Centrica Email Malware – Word document with Macros

This morning I received numerous copies of the following email purporting to be from Centrica British Gas Finance Team (centrica.com), specifically a lady called Tracey White (see image below).


Centrica Spoofed Email being received

The email came in with a Word attachment that, unfortunately for the unwary, has a macro in it. Word has a handy feature called Trust Center, with various settings that, if set correctly, will block macro content from running; in that case the Word document, once open, will ask you if you wish to enable content. Here are my thoughts on this: “NEVER NEVER NEVER ENABLE CONTENT” on any documents that you receive via email or download from websites unless you are 110% sure that the source is trustworthy.


By enabling macros, you could be allowing a batch script to be executed, a Visual Basic script, a PowerShell script or even all three combined – finally leading to malware being downloaded onto your PC.

This could be anything from a keylogger to ransomware . . . none of which you want on your PC or your network.

So please be careful when opening attachments on emails and please be aware of this particular one that’s now doing the rounds.

As a footnote for anyone who’s interested: looking at the headers of this particular email, it seems to have originated from Hanoi, Vietnam, going by the IP address details it contains.

Spoofed Headers

Headers from the Spoofed emails