Fake Cover-More Insurance Emails Carry contains zipped exe-file carrying malware
The email claims to be from popular Australian based travel insurance provider Cover-More, and disguised as a Travel Insurance policy is a malicious exe-file. The email urges their victim to open the attached .zip file to view the Certificate of Insurance.
The body text of the email says:
Subject: Cover-More Travel Insurance Cover (policy number: 34674293) (– Note that the policy number various in different examples we have seen.)
Thank you for choosing to travel with Cover-More Travel Insurance.
You have chosen to purchase a policy with Australia’s most popular travel insurance provider, trusted by over 1,000,000 Australian travellers each year.
Attached is a copy of your Certificate of Insurance along with a copy of the Product Disclosure Statement (PDS), which we encourage you to read.
Remember to keep your emergency assistance card with you when travelling and our 24 emergency assistance team are here to help you.
We hope you have a safe and enjoyable journey,
Cover-More Travel Insurance Team
P 1300 72 88 22 | E firstname.lastname@example.org
A Private Bag 913 North Sydney NSW 2059
Although it looks legitimate, the email is not from Cover-More insurance and the attached file does not contain insurance information as claimed. In fact, the zipped file contains an .exe file that will install malware on the recipient’s computer. Typically, once installed, such malware can make connections with remote servers operated by hackers and download further malware and harvest personal information from the compromised computer. Often, criminals are able to use the compromised computers to launch further spam and scam campaigns. Note that the policy numbers vary in the different emails we have seen.
Cover-More has already published a “Hoax Email Alert” notice on its website warning people about these malicious emails. Cover-More states it does not send out policy information via .zip or .exe files. If you receive such emails, do not open any attachments or click on any links that it contains. If you have already opened the attached file, you are advised to run up-to-date anti-malware and anti-virus scanners to clean any malware from your system.
Omniquad clients using Mailwall Remote email filtering are protected from these types of email scams and malware.
Protect yourself from email frauds.
- Never click on Hyperlinks within emails, instead, copy and paste them into your browser.
- Do not open any file attached to the email.
- Always look for “https://” and padlock on web sites that require personal information.
- If you didn’t initiate a transaction to which an email is referring, it’s probably a scam.
- Never respond to spam / suspicious email or emails from unknown senders.
- Do not supply your personal / Bank account information to strangers, they are most likely scammers.
- Use spam filtering software.
– The Omniquad Security Team