An email from UN – attachment ATM_CARD_1.doc – IRREVOCABLE PAYMENT ORDER VIA ATM CARD

Received an email from UN@ – no email domain on the sender list and that’s why my email identified as spam.

Attachment was a doc file – ATM_CARD_1.doc – Checked various websites (malwr.com, virustotal, shodun) but no information about mentioned DOC file.

MD5 : 2134a6afb12a5a2bcdd77b09e43a8e29 – not reported.

Uploaded the file on virustotal but did not find any hits – https://www.virustotal.com/en/file/058767db41be4365c137dfd2ed857e86211c724a3037c561f7a9d0f994e6c829/analysis/1443706261/

Exiftool output

xifTool Version Number : 8.60
File Name : ATM_CARD__1_.doc
Directory : .
File Size : 86 kB
File Modification Date/Time : 2015:10:01 13:01:39+00:00
File Permissions : rw-r—–
File Type : DOC
MIME Type : application/msword
Author : FullNameHere
Template : Normal
Last Modified By : SONY
Revision Number : 2
Software : Microsoft Office Word
Total Edit Time : 2.0 minutes
Last Printed : 2010:11:24 17:52:00
Create Date : 2015:09:28 02:38:00
Modify Date : 2015:09:28 02:38:00
Pages : 1
Words : 436
Characters : 2491
Security : None
Company : OrgHome
Lines : 20
Paragraphs : 5
Char Count With Spaces : 2922
App Version : 12.0000
Scale Crop : No
Links Up To Date : No
Shared Doc : No
Hyperlinks Changed : No
Title Of Parts :
Heading Pairs : Title, 1
Code Page : Windows Latin 1 (Western European)
Hyperlinks : http://www.yahoo.com/_ylt=AkJ_84uMIDD6A0cgsAd.wbubvZx4;_ylu=X3oDMTNoamk4OG9oBGEDMTAwODE3IFNFRyBzaGluZSBpZGVudGl0eSB0aGVmdCB0BGNwb3MDMwRnA2lkLTM2MjMyBGludGwDdXMEcGtndgM4BHBvcwMxBHNlYwN0ZC1mZWF0BHNsawNpbWFnZQRzbHBvcwNGBHRlc3QDNzAx/SIG=13ip2d9rl/EXP=1282263418/**http%3A/shine.yahoo.com/event/financiallyfit/13-things-an-identity-thief-wont-tell-you-2299277/, http://www.uneca.org/istd/ict/images/UN-logo%5b2%5d.GIF, http://www.uneca.org/istd/ict/images/UN-logo%5b2%5d.GIF, http://www.uneca.org/istd/ict/images/UN-logo%5b2%5d.GIF, http://www.uneca.org/istd/ict/images/UN-logo%5b2%5d.GIF
Comp Obj User Type Len : 39
Comp Obj User Type : Microsoft Office Word 97-2003 Document

Last modified by seems interesting as it says SONY. The attachment has no links for a user to click. However, it requests personal information and informing to pay 250 K Pounds.

Email within doc : nationwbk@hotmail.com – personal email for UN 🙂
Email also had a number 0044-7010057597. Based on research the number is in london obviously but no information about a business. Likely a personal number.
http://www.searchyellowdirectory.com/reverse-phone/447010057597/

No malware found – just a social engineering attempt.

Spam are targeting most vulnerable entity in cyber world – HUMANS.