Beware of suspicious email from reckonaustralia

Categories » » All Pages
23rd November 2016

Emails with a highly suspicious “Report.xls” Excel file attached are being sent out by, a domain name registered in Moscow, Russia on 20 November 2016. This message is definitely NOT associated with Reckon Australia, the accounting software company.

The email message

Message from : Virtus Health Limited, <accountshosted @>
Date : Wednesday, 23 November 2016
Subject : debtors

File Attachment : Report.xls

Please review the attached report. Feel free to contact us if you have any questions.

Thank you.


Virtus Health Limited

This type of bogus email is not difficult to spot. I expect the Excel file contains some sort of Malware, not that I actually opened it to find out ! Simply delete the message upon receipt.

The message was actually sent from a mail server located in Paris, France.

Header code analysis

Received: from ([]:45824
IP address lookup : Origin = Paris, France

Whois Domain Name Owner Search : (Server location)
Organisation: ORG-HW22-RIPE
Org-name: Hugo Weiss
Org-type: OTHER
Address: 3 rue philibert lucot
Address: 75013 Paris
Address: France

Whois Domain Name Owner Search : (Where registered)
Creation Date: 2016-11-20
Registrant Name: Protection of Private Person
Registrant Organization: Privacy Protection
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant Postal Code: 123007
Registrant Country: Russia

Thanks Hugo.

More related pages …

ATO Ransomware Phishing Emails
Beware of this fake email allegedly from the Australian Taxation Office being sent by the phishing domain name The Word doc file attached is undoubtedly Ransomware.
India SEO Scammers Exposed pretending to be based in Australia
The recent avalanche of Search Engine Optimization emails claiming your website contains “meta-data related mistakes” purport to be from Australia. BUT NO. Investigation exposes their o...
Warning about DomainRegister letter that looks like an Invoice
Have you just received a letter from “DomainRegister Pty Ltd” that looks very much like an Invoice asking for payment to register a domain name? Well, do read the fine print very carefu...