Sketchy email from Canada Computers

Last Updated: Sep 12th, 2020 7:46 pm
[OP]
Newbie
May 22, 2015
15 posts
19 upvotes

I got an email this morning from Canada Computers that appeared to be legit, but I saw red flags when it asked me to open a zip file with a password.

First, Windows Defender managed to detect a trojan when I attempted to extract it. The file contains a "word" document, so I opened my VM without networking and opened the "doc" there. All I saw in the document was a sketchy image that said "This document created in a previous version of Microsoft Office Word. To view or edit this document, please click "Enable editing" button on the top bar, and then click "Enable content"".

Here's an album of images that I compiled of my findings.

I looked this up and this looks similar to the Ursnif trojan.

It wouldn't surprise me if Canada Computers got compromised again considering they just had a data breach about 2 years ago.
12 replies
Deal Addict
Jan 8, 2015
1133 posts
762 upvotes
Exactly! Mind-boggling that people still purchase from them after that.
Deal Addict
Jul 26, 2018
1773 posts
2815 upvotes
Canada, eh?
Got the same one, looks like they got breached...again.
Deal Addict
Jul 26, 2018
1773 posts
2815 upvotes
Canada, eh?
Looks like the attacker is spoofing the email address. Fails SPF and DMARC. They're using a known spam SMTP server to send out the emails.
But obviously they would need to know the emails of CC customers in the first place, so most likely there was a breach from CC's side -- either from the incident 2 years ago or something else came up.
Deal Fanatic
Dec 20, 2018
6530 posts
5603 upvotes
OneFlex wrote: I got an email this morning from Canada Computers that appeared to be legit, but I saw red flags when it asked me to open a zip file with a password.

First, Windows Defender managed to detect a trojan when I attempted to extract it. The file contains a "word" document, so I opened my VM without networking and opened the "doc" there. All I saw in the document was a sketchy image that said "This document created in a previous version of Microsoft Office Word. To view or edit this document, please click "Enable editing" button on the top bar, and then click "Enable content"".

Here's an album of images that I compiled of my findings.

I looked this up and this looks similar to the Ursnif trojan.

It wouldn't surprise me if Canada Computers got compromised again considering they just had a data breach about 2 years ago.
secretalcoholic wrote: Got the same one, looks like they got breached...again.

Looks more like a spoofed sender email and not actually sent by them.
Deal Addict
Jan 29, 2017
3593 posts
2261 upvotes
OneFlex wrote: I got an email this morning from Canada Computers that appeared to be legit
Look at the detailed header of the email. Feel free to copy/paste here (with your info removed).
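The header check suggested above, and the SPF/DMARC failure reported earlier in the thread, as an added example that is not part of any post: a Python sketch that reads the `Authentication-Results` header from a saved message and lists every check that did not pass. The sample headers are constructed, all domains and addresses are placeholders, and the function name `auth_summary` is hypothetical.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample headers (not taken from the thread); placeholder domains.
SAMPLE = """\
Return-Path: <orders@retailer.example>
Received: from smtp.bulk-mailer.example (smtp.bulk-mailer.example [203.0.113.25])
\tby mx.recipient.example; Fri, 11 Sep 2020 08:02:11 -0400
Authentication-Results: mx.recipient.example;
\tspf=fail (sender IP is 203.0.113.25) smtp.mailfrom=retailer.example;
\tdkim=none; dmarc=fail (p=NONE) header.from=retailer.example
From: "Retailer Invoices" <orders@retailer.example>
Subject: Invoice

See attached.
"""

def _domain(header_value: str) -> str:
    """Return the lower-cased domain of the address in a header value."""
    return parseaddr(header_value or "")[1].rpartition("@")[2].lower()

def auth_summary(raw: str) -> dict:
    msg = message_from_string(raw)
    results = {}
    # Several Authentication-Results headers may be present; the topmost one
    # is the one stamped by the last (your own) receiving server, so keep
    # the first verdict seen for each mechanism.
    for value in msg.get_all("Authentication-Results", []):
        for mech, verdict in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", value, re.I):
            results.setdefault(mech.lower(), verdict.lower())
    from_domain = _domain(msg.get("From"))
    env_domain = _domain(msg.get("Return-Path"))
    # Anything other than an explicit "pass" is worth a second look.
    findings = [f"{m}={results.get(m, 'missing')}"
                for m in ("spf", "dkim", "dmarc")
                if results.get(m) != "pass"]
    # A bounce address on a different domain than the visible From is a
    # common sign that the display address was forged.
    if env_domain and env_domain != from_domain:
        findings.append(f"envelope domain {env_domain} != From domain {from_domain}")
    return {"from_domain": from_domain, "results": results, "findings": findings}

if __name__ == "__main__":
    print(auth_summary(SAMPLE))
```

Run it against the raw source of the message ("Show original" or "View source" in most mail clients), with personal addresses removed before sharing the output.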
Deal Addict
Sep 19, 2015
2257 posts
867 upvotes
Kleinburg, ON.
I was wondering if that was legit because I did buy something from them a few days prior to this email... I was like, hey, why are they sending me a 2nd invoice after the first one? My anti-virus set off all kinds of alarms when I downloaded the file lol
Member
May 31, 2017
466 posts
640 upvotes
Perhaps OP should change the title referencing that it's not ACTUALLY a Canada Computers email...
Deal Addict
Jul 26, 2007
1425 posts
640 upvotes
BatCountry wrote: Perhaps OP should change the title referencing that it's not ACTUALLY a Canada Computers email...
yeah, I get CC has gone downhill lately, but let's criticize them for things they actually did, not a spoof email that's not even from them.
Deal Addict
Jan 8, 2015
1133 posts
762 upvotes
Clement wrote: yeah, I get CC has gone downhill lately, but let's criticize them for things they actually did, not a spoof email that's not even from them.
Isn't that what is being talked about in this thread? Customer database compromised again? Or data from previous breach? That's something CC did, allowing their customers' info to be exposed. Is it happening again?
Member
May 31, 2017
466 posts
640 upvotes
Quickman wrote: Isn't that what is being talked about in this thread? Customer database compromised again? Or data from previous breach? That's something CC did, allowing their customers' info to be exposed. Is it happening again?
No...it was a spoofed email pretending to be from Canada Computers. It's a pretty big assumption to assume that they know who CC's customers are...people spoof emails and send out spam to A LOT of people. Just because you once shopped at CC and received spoofed email spam doesn't mean that the spammer knows you shopped there...lol That's like saying the fake CRA phone call threatening you with jail time from the "department of justice" must know your SIN number.
Deal Fanatic
Mar 21, 2010
6510 posts
3537 upvotes
Toronto
BatCountry wrote: No...it was a spoofed email pretending to be from Canada Computers. It's a pretty big assumption to assume that they know who CC's customers are...people spoof emails and send out spam to A LOT of people. Just because you once shopped at CC and received spoofed email spam doesn't mean that the spammer knows you shopped there...lol That's like saying the fake CRA phone call threatening you with jail time from the "department of justice" must know your SIN number.
Maybe, but the CRA spammers know that the CRA is a very relevant organization for almost all the numbers they autodial because of area codes. CC is completely irrelevant to almost every email address in the world. I mean logically if email spammers had no insight and were just picking random emails, we'd be getting spoofed emails from grocery stores in Australia and car dealerships in Brazil.
Member
May 31, 2017
466 posts
640 upvotes
Depends where they get their email lists...realize that there are all sorts of lists that link you, your email, your general location (if not your actual address) and a wide variety of other info that could include everything from places you’ve been (shopping, vacation, etc), where you work, etc. Google your name and search the various lists you show up on...