Emails with a highly suspicious “Report.xls” Excel file attached are being sent out by reckonaustralia.org, a domain name registered in Moscow, Russia on 20 November 2016. This message is definitely NOT associated with Reckon Australia, the accounting software company.
The email message
Message from : Virtus Health Limited, <accountshosted @ reckonaustralia.org>
Date : Wednesday, 23 November 2016
Subject : debtors
File Attachment : Report.xls
Please review the attached report. Feel free to contact us if you have any questions.
Virtus Health Limited
This type of bogus email is not difficult to spot. I expect the Excel file contains some sort of Malware, not that I actually opened it to find out ! Simply delete the message upon receipt.
The message was actually sent from a mail server located in Paris, France.
Header code analysis
Received: from mail114.reckonaustralia.org ([18.104.22.168]:45824 helo=mail106.reckonaustralia.org)
IP address lookup : Origin = Paris, France
Whois Domain Name Owner Search : 22.214.171.124 (Server location)
Org-name: Hugo Weiss
Address: 3 rue philibert lucot
Address: 75013 Paris
Whois Domain Name Owner Search : reckonaustralia.org (Where registered)
Creation Date: 2016-11-20
Registrant Name: Protection of Private Person
Registrant Organization: Privacy Protection
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant Postal Code: 123007
Registrant Country: Russia