Friday, March 19, 2010

vCard-based hack attempt?

The short message below was accompanied by file named jamestyler.vcf, which would appear to be a vCard file — something that you'd click to add someone's contact info to your Outlook address book. However, the .vcf file is malformed. Is it an attempt to hack Outlook?

Do not click or open attachments that you receive from anyone you don't know — or even from someone you do know, if the message looks suspicious. This message certainly looks suspicious, based not only on its content, but also by the from and reply-to email addresses, and also by the fact that my address was a "bcc" address.

This message entered the mailstream from the entelchile.cl server, which is is hosting company in Chile. Don't be fooled by responding to such messages, or by clicking their attachments.

From: James Tyler jamestyler@123mail.cl
Date: March 19, 2010 12:31:23 PM PDT
Reply-To: jamestyler@go.badgers.com

From James Tyler (For Trustees)
Managing Partner (Anderson & Tyler)
London - United Kingdom.

Notification of Bequest

On behalf of Anderson and Tyler Chambers, Trustees and Executors of the estate of Late Schulz Wagner, I once again try to notify you as my earlier letter was returned undelivered. I hereby attempt to reach you again by this same email address.

Please if I reach you, as I am hopeful, endeavor to get back to me as soon as possible for further details.

I look forward to your prompt response.

Yours sincerely,
James Tyler

1 comment:

  1. Malformed in what way? Vcard is text format. It can contain links (a URL and a "photo" URL that may be malicious though

    ReplyDelete