Warning over fake Vodafone e-mail which carries malware

The fake e-mail appears to show a bill, and asks customers to pay it

Updated 21.00

An internet security firm is warning about an e-mail being sent purporting to be from Vodafone.

ESET Ireland claims the e-mail actually carries the Nemucod trojan.

Nemucod can download ransomware which encrypts data on a computer and demands ransom.

The fake e-mail appears to show a bill, and directs customers to click to view their bill.

Source: ESET Ireland

ESET Ireland says clicking on the link downloads a ZIP file called "Vodafone bill.zip" - which contains a JavaScript file called "Vodafone bill.js".

It says because most Windows users have file extensions turned off by default, many fail to spot this is a JavaScript file - one of the very common ways for cybercriminals to deliver malware.
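The delivery method described above can be checked for before anyone opens the archive. The following Python sketch is an added example, not code from ESET or Vodafone: it lists the members of a ZIP file that Windows would run as a script on double-click, together with the name a user sees when extensions are hidden. It goes slightly beyond the article by also covering other script extensions and double extensions such as "invoice.pdf.js"; the function names and the sample archive are constructed for illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows runs on double-click (Windows Script Host, mshta).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".hta"}


def risky_members(zip_bytes):
    """Return (member name, name shown with extensions hidden) for each
    archive member that Windows would execute as a script."""
    flagged = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores trailing dots and spaces in file names.
            path = PurePosixPath(info.filename.rstrip(". "))
            if path.suffix.lower() in SCRIPT_EXTENSIONS:
                # With "hide extensions" on, only the stem is displayed.
                flagged.append((info.filename, path.stem))
    return flagged


def build_sample(members):
    """Build an in-memory ZIP from {name: text}; constructed test data only."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        for name, content in members.items():
            archive.writestr(name, content)
    return buf.getvalue()


if __name__ == "__main__":
    # Constructed sample using the file name from the article, harmless body.
    sample = build_sample({
        "Vodafone bill.js": "// harmless placeholder",
        "readme.txt": "plain text",
    })
    for name, shown in risky_members(sample):
        print(f"script in archive: {name!r} (displayed as {shown!r})")
```

A mail gateway or help-desk triage script can call `risky_members()` on each ZIP attachment or download and quarantine anything it returns.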

The security firm says: "The code is heavily obfuscated, but once activated, it proceeds to download the Nemucod trojan, which is used for further downloading all kinds of malware, ranging from ransomware to backdoors and banking trojans.

"Ireland has been one of the countries worst affected by Nemucod in the past, having a 50,42% detection rate in Ireland, while the world average was 15,82%."

A similar e-mail campaign, using British telecoms firm BT as bait, was active in May 2017.

ESET Ireland is urging caution when receiving e-mails like these, and advises against clicking on unverified links or opening attachments downloaded from them.

In a statement today, Vodafone said: "We do not have any reports of this affecting our customers.

"This Trojan Malware, while using the alias of Vodafone brand as leverage to deceive unsuspecting customers, is not specifically affecting Vodafone customers. This is not a result of any breach or loss of Vodafone customer information – you’ll find that there are non-Vodafone customers receiving identical emails."

Vodafone offers several online security tips to help spot the fake e-mails.

On its website, Vodafone says: "There has been a number of online scams posing as Vodafone recently. Vodafone only use secured webpages.

"Before you enter any personal information, especially passwords or financial information, make sure that the website belongs to us."