I’ve had phone calls from three individuals who were concerned as they had received emails regarding a credit card payment, containing an attachment and purporting to be from Rotographic!
These emails are NOT from Rotographic, there is no one who works for Rotographic called Stan Macnair and the email address ‘firstname.lastname@example.org’ is not used and has never been used. The attachment these messages include is an .arj file. I had no idea what an .arj file is, but it appears to be some kind of compressed archive file, similar to a .zip file. It should not be opened as it is highly likely to contain malicious files (phishing – which seems to be all the rage these days).
It’s fairly easy to fake the ‘From’ address of an email and whoever is sending these has inserted a made up Rotographic email address. The actual email text just says ‘Sales Department’ so it’s likely whoever is sending them has probably sent the same message using lots of other fake ‘From’ addresses. DO NOT open the file.
I hope it doesn’t lead to genuine Rotographic emails being blocked, as that could impact my business. If possible, please do not report or blacklist the ‘Rotographic’ email address.
Here is a copy of the message received by a Mr Owen at 12.36 on 2/9/2014:
From: Stan Macnair [mailto:email@example.com] Sent: 02 September 2014 12:36 To: *Mr Owens email address removed* Subject: Order no. 75829051838 Thank you for using our services! Your order #75829051838 will be shipped on 07-09-2014. Date: September 02, 2014. 12:12pm Price: £122.96 Payment method: Credit card Transaction number: F2785F73343E72 Please find the detailed information on your purchase in the attached file (sale_2014-09-02_11-35-29_75829051838.arj) Best regards, Sales Department Stan Macnair +07572-81-84-41
From the text I wonder if the source of these messages is from abroad, for the following reasons:
- sale@ is an odd email address, most native English speakers would use sales@
- Many (but not all) people of Scottish decent would call themselves MacNair and not Macnair.
- Order numbers in British English don’t tend to have a preceding # (but some do if US software is used)
- The phone number that appears to be a UK mobile has a preceding +, which is odd and unnecessary
- The phone number and the date nearer the top are separated by hyphens, which is something I have never seen in British English