Beware of suspicious email from reckonaustralia.org

23rd November 2016
Article Publisher

Emails with a highly suspicious “Report.xls” Excel file attached are being sent out by reckonaustralia.org, a domain name registered in Moscow, Russia on 20 November 2016. This message is definitely NOT associated with Reckon Australia, the accounting software company.

The email message

Message from : Virtus Health Limited, <accountshosted @ reckonaustralia.org>
Date : Wednesday, 23 November 2016
Subject : debtors

File Attachment : Report.xls


Please review the attached report. Feel free to contact us if you have any questions.

Thank you.

Sincerely,

Virtus Health Limited

This type of bogus email is not difficult to spot. I expect the Excel file contains some sort of Malware, not that I actually opened it to find out ! Simply delete the message upon receipt.

The message was actually sent from a mail server located in Paris, France.

Header code analysis

Received: from mail114.reckonaustralia.org ([193.70.67.58]:45824 helo=mail106.reckonaustralia.org)
IP address lookup : Origin = Paris, France

Whois Domain Name Owner Search : 193.70.67.58 (Server location)
Organisation: ORG-HW22-RIPE
Org-name: Hugo Weiss
Org-type: OTHER
Address: 3 rue philibert lucot
Address: 75013 Paris
Address: France

Whois Domain Name Owner Search : reckonaustralia.org (Where registered)
Creation Date: 2016-11-20
Registrant Name: Protection of Private Person
Registrant Organization: Privacy Protection
Registrant Street: PO box 87, REG.RU Protection Service
Registrant City: Moscow
Registrant Postal Code: 123007
Registrant Country: Russia

Thanks Hugo.

 
Comments

What do you think ?

Add your comment ⇒

You may also be interested in …

ATO Ransomware Phishing Emails
0
Traffic Infringement Phishing Email Scam
0
1
India SEO Scammers Exposed pretending to be based in Australia
0
2
Warning about DomainRegister letter that looks like an Invoice
0