CyberWarfare / ExoWarfare

Hilarious Phishing & Malware Attempts

Like everyone else (well, maybe more than everyone else) I regularly get these phishing messages (“we try to make you click on the attachment, which of course is riddled with malware/ransomware”).

It is hilarious to me when such a message is sent to an automatically harvested e-mail address that is 32 years old now (and still works, obviously), and serves as a “honeytrap” address these days.

Usually I just click on the “Junk” button, so the sender’s e-mail address is fed into the global anti-spam and anti-phishing databases (the likes of Spamhaus, SORBS, SPEWS and such, which I helped survive massive DDoS attacks originating from Russian spammers between 2002 and 2005) and is thus “burned” … but in some cases, like this one, I am curious where they actually come from.

In this case, no effort is made to hide the origin in the SMTP “Received:” headers:

Looking up that IP in three different geo-location services, all three place it in St Petersburg, Russia (formerly known as ‘Leningrad’, now the second-largest city in the Russian Federation):

That does not necessarily mean Russians are behind it, but for such a lame phishing attempt it hardly seems worth running a proxy server in St Petersburg just to make it look like it comes from there.
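Finding the origin in the headers is a small script rather than an eyeball job once you remember one rule: a “Received:” line is only believable if its “by” host is your own mail server, because only then did you write it; everything below that line was written by the sender’s side and can say whatever the sender likes. The Python below is an added example, not code from the post. The message, hostnames and addresses are all constructed (documentation and private address ranges, invented host names), and the trusted-host list and own-network range are assumptions standing in for whatever your own MX setup is. It walks the chain top-down, stops at the first header it did not write, and reports the external address that handed the message to your MX, keeping the unverifiable hops below it apart as mere claims.

```python
import ipaddress
import re
from email import message_from_string

# Constructed sample message (not the one from the post). The public-looking
# addresses are RFC 5737 documentation ranges and the bottom hop claims an
# RFC 1918 address, so none of them point at real infrastructure.
SAMPLE_RAW = (
    "Received: from mx2.example.net (mx2.example.net [203.0.113.10])\n"
    "\tby mailbox.example.net (Postfix) with ESMTPS id 4Kf9X0\n"
    "\tfor <honeytrap@example.net>; Tue, 12 Mar 2019 09:14:03 +0000 (UTC)\n"
    "Received: from mail.relay.example (unknown [198.51.100.77])\n"
    "\tby mx2.example.net (Postfix) with SMTP id 3Jx1Q7\n"
    "\tfor <honeytrap@example.net>; Tue, 12 Mar 2019 09:14:01 +0000 (UTC)\n"
    "Received: from [192.168.1.23] (helo=secure.bank.example.com)\n"
    "\tby mail.relay.example with esmtpa (Exim)\n"
    "\tid 1h3Xyz-0001; Tue, 12 Mar 2019 09:13:58 +0000\n"
    "From: \"Your Bank\" <security@bank.example.com>\n"
    "To: honeytrap@example.net\n"
    "Subject: Invoice attached - action required\n"
    "\n"
    "Please open the attached invoice.\n"
)

# Assumed names for our own mail hosts and address space. A Received: line is
# only trusted if its "by" host is one of these, because then we wrote it.
TRUSTED_BY_HOSTS = {"mailbox.example.net", "mx2.example.net"}
OWN_NETWORKS = [ipaddress.ip_network("203.0.113.0/24")]

# RFC 1918 plus loopback, spelled out instead of ip_address().is_private,
# because is_private also matches the documentation ranges in the sample.
LOCAL_NETWORKS = [ipaddress.ip_network(n) for n in
                  ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]

IPV4_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")


def parse_received(raw):
    """Return the Received: hops top-down as (from_clause, by_host, ipv4 or None)."""
    msg = message_from_string(raw)
    hops = []
    for value in msg.get_all("Received", []):
        flat = " ".join(value.split())              # unfold continuation lines
        from_clause, sep, rest = flat.partition(" by ")
        words = rest.split()
        by_host = words[0].rstrip(";").lower() if sep and words else None
        m = IPV4_RE.search(from_clause)             # address of the connecting peer
        hops.append((from_clause, by_host, m.group(1) if m else None))
    return hops


def is_internal(ip, own_networks=OWN_NETWORKS):
    """True for private space or our own relays: hops we should walk past."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in LOCAL_NETWORKS + list(own_networks))


def origin_ip(raw, trusted_by_hosts=TRUSTED_BY_HOSTS, own_networks=OWN_NETWORKS):
    """Walk from our own MX downwards and return the first external address
    that handed the message to one of our hosts. Hops below that one are
    returned separately as unverified: they are the sender's own claims."""
    hops = parse_received(raw)
    for i, (from_clause, by_host, ip) in enumerate(hops):
        if by_host not in trusted_by_hosts:
            break                                   # not our header: stop trusting
        if ip is None or is_internal(ip, own_networks):
            continue                                # internal relay, keep walking
        return {
            "ip": ip,
            "received_by": by_host,
            "rdns_unknown": "(unknown [" in from_clause,  # no reverse DNS at all
            "unverified_hops": [h[0] for h in hops[i + 1:]],
        }
    return None


if __name__ == "__main__":
    result = origin_ip(SAMPLE_RAW)
    print("origin:", result["ip"], "handed to", result["received_by"])
    print("reverse DNS missing:", result["rdns_unknown"])
    for claim in result["unverified_hops"]:
        print("unverified claim below the trust boundary:", claim)
```

On the sample this yields 198.51.100.77, handed to mx2.example.net with no reverse DNS, while the bottom line (a private address posing as “secure.bank.example.com”) is reported only as an unverified claim. The address you get is the one the TCP connection came from, which is exactly the limit the post notes: a relay, open proxy or compromised box in St Petersburg looks the same as a sender sitting there. The geo-location or whois lookup of that address is a separate, network-bound step and is deliberately left out of the script.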

So, to my friends over there behind the digital iron curtain: nice try! :wink:

Lesson for the esteemed reader: do not ever click on attachments you have the slightest doubt about; if the common-sense check on a message fails, delete it.

If you are sure it is spam: “junk” it instead of “delete” – as outlined above, that burns the sender’s e-mail address in a very short time.

And if you actually think such a message could have any validity at all, go directly to your provider’s website (typing the address yourself, not via any link in the message) and check on it there — let me repeat: do not ever click on any attachments.

Especially if you are of the faithful kind and run Microsoft Windows of any version …