“AlWasail Industrial Company email”. What are these spam emails?

Written by Robert Bailey

The AlWasail Industrial Company email virus is a common name for a wave of unwanted spam that may arrive in your mail client. These messages contain fake requests about your deal with AlWasail Industrial Company. The email presents a trade offer from that company. As the letter states, more information is available in the attached document and via the link at the bottom of the message. The malware injection happens right after the file is opened, and the link in the message leads to a phishing site. This article gives a full explanation of the scam and the risks related to it.


What is the AlWasail Industrial Company email virus?

The name this scam uses does not mean that a person from AlWasail Industrial Company is really writing to you about a possible deal. In fact, the chance that you are awaiting a deal agreement with this pipeline manufacturer is quite low. The fraudsters who distribute the TrickBot virus this way chose the name simply to lull your vigilance. At the moment the potential victim receives the message, he or she will not even think that this is phishing [1]. More likely, users will follow the link and open the file from this email simply out of curiosity.

[Image: AlWasail Industrial Company email spam. The emblem of a legitimate company; fraudsters use it as a disguise.]

The crooks added an even bigger lure to the text of this message. They say they are ready to apply a huge discount if you accept the terms they are offering. The reasons, as the message says, are laid out in the attached Word document, together with the standard tariffs. The fraudulent text can vary depending on the mood of the scammers. Everything looks legitimate, so the victim will likely check the attached document. The TrickBot trojan is hidden in a macro inside the file. The victim sees a prompt to enable macros, and at that moment the virus starts its activity.

The website that the fraudsters offer as a source of additional documents is a phishing imitation of the Office 365 site. After opening it, you will see a prompt to log into your Office 365 account. After you type your credentials, you will predictably see a login error, but the site sends your credentials to the spammers. People often use that Microsoft service to store their documents and photos, so the login data for this account can bring a large profit to fraudsters.

Malicious email text:

Subject: Re: RFQ for HDPE Pipes

xc for HDEP Pipes.pdf 108 KB
Advise Payment..pdf 63 KB

2 attachments (171 KB) Preview Download all

thank you. hxxps://www[.]alwasail[.]com/wp-content/uploads/alwasail-fm-approved-v1.pdf

Saleh A.Al Mushekih
AlWasail Industrial Company

AlWasail Industrial Company
P O Box : 21599,
Riyadh – 11485, Saudi Arabia
Mobile : +966 50 5456357
Email : saleh@alwasail[.]com
Web : http://www[.]alwasail[.]com

How dangerous is the AlWasail Industrial Company email virus?

Whatever the reason the user opened the link or file, he will get different viruses on his PC. The exact class of the virus is not related to the contents of the spam email, since all the malicious items are distributed by the same cybercriminals. These viruses are downloaded to your PC as part of a Microsoft Word or Excel file, either straight from the mail application or from the link attached to the AlWasail Industrial Company email virus letter. No complicated methods such as exploit kits are needed: the victims do everything themselves.

Here is a short description of AlWasail Industrial Company email virus:
Name: AlWasail Industrial Company email virus
Type: Email spam
Hazard type: TrickBot Spyware, Phishing website
Malware source: Malicious links and files attached to the email
Disguise: Deal offer from AlWasail Industrial Company
Protection methods: To remove possible virus infections, try to scan your PC

This malware-spreading scheme is used to distribute spyware, banking trojans and keyloggers. All of them target your sensitive data, most often crucial login credentials. The second of these can be the most critical one if you use online banking. It is aimed at gathering login credentials on banks' web pages, so it can easily hijack your login and password. The cyber burglars are then free to do whatever they intend with your money [2].

At the same time, spyware may miss your banking login details, but it will definitely steal all possible information about you and your personal computer. The list of installed programs, frequently used applications, the anti-malware software on board, logins and passwords for social networks: this and a lot of other information will be collected and sent to the command server.

Can I avoid this scam?

Things are not so hopeless with the AlWasail Industrial Company email virus. It is quite easy to spot a counterfeit email. First, recall whether you have an AlWasail Industrial Company savings or deposit account. It can be quite amusing to see this sort of email spam when you don’t have one. However, some users may click the attached file or link out of simple curiosity.

People can act spontaneously, and this is just such a case. Another item that can help you understand that someone is attempting to scam you is the sender’s email address. The official AlWasail Industrial Company email address has a specific domain name, and the scammers will definitely not be able to get an email address in this domain. Instead, spammers will likely create an email address like “noreply-support3322280@gmail.com” or even “usdfb02309@aol.com”. It is very easy to differentiate the first one from the second and third, isn’t it?

[Image: An example of a dubious email address from another online spamming campaign.]
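The sender-address check described above can be automated at triage time. This is an added example, not code from the article; the free-mail list is a short illustrative assumption, and the sample message is constructed from the addresses quoted on this page.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Short illustrative list of free mail providers (assumption; extend as needed).
FREEMAIL = {"gmail.com", "aol.com", "yahoo.com", "outlook.com", "hotmail.com"}
ADDR_RE = re.compile(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)")

def domain_of(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def same_org(domain, org):
    return domain == org or domain.endswith("." + org)

def triage_sender(raw, claimed_domain):
    """Return findings for a message that claims to come from claimed_domain."""
    msg = message_from_string(raw)
    findings = []
    from_dom = domain_of(parseaddr(msg.get("From", ""))[1])
    if not same_org(from_dom, claimed_domain):
        findings.append(f"From domain {from_dom!r} is not {claimed_domain!r}")
    if from_dom in FREEMAIL:
        findings.append("sender uses a free mail provider")
    reply_dom = domain_of(parseaddr(msg.get("Reply-To", ""))[1])
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To points to another domain: {reply_dom!r}")
    # Collect the plain-text body, whether or not the message is multipart.
    text = "".join(
        p.get_payload(decode=True).decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_type() == "text/plain")
    signed = {d.lower() for d in ADDR_RE.findall(text)}
    if (any(same_org(d, claimed_domain) for d in signed)
            and not same_org(from_dom, claimed_domain)):
        findings.append("signature shows the company domain, the sender does not")
    return findings

# Constructed sample modelled on the message quoted in the article.
SAMPLE = """\
From: Saleh A.Al Mushekih <noreply-support3322280@gmail.com>
Subject: Re: RFQ for HDPE Pipes

thank you.

Saleh A.Al Mushekih
AlWasail Industrial Company
Email : saleh@alwasail.com
"""

if __name__ == "__main__":
    for finding in triage_sender(SAMPLE, "alwasail.com"):
        print("-", finding)
```

An empty result does not prove a message is genuine, because the From header itself can be forged; the SPF, DKIM and DMARC results recorded by the receiving server cover that case.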

The final layer of defence is a security tool. Many users keep their email in a separate application called a mail client. Some of these clients download the attached file at the moment you open the email. In this case, you need a security tool capable of on-run protection. That function makes it possible to stop the virus from starting in the situation I have just described. The same goes for links: to discover that they are malicious, the antivirus tool must have an internet protection function. All of these functions are available in GridinSoft Anti-Malware, and I recommend using it to protect your PC from the AlWasail Industrial Company email virus and similar hazards.

What can I do if I have clicked on the link/file in the spam email?

Don’t panic. Spyware activity is not the end of the world. Of course, the important documents you have on your computer are definitely in danger, but the credentials can easily be changed. First of all, you need to get rid of the viruses you picked up because of the AlWasail Industrial Company email virus. I suggest using GridinSoft Anti-Malware for this step.

Removing the viruses with GridinSoft Anti-Malware

  • Download and install GridinSoft Anti-Malware. After the installation, you will be prompted to run the Standard Scan. Approve this action.

  • The Standard Scan checks the logical disk where the system files are stored, together with the files of programs you have already installed. The scan lasts up to 6 minutes.

  • When the scan is over, you may choose the action for each detected virus. For all files of the viruses distributed through the described phishing, the default option is “Delete”. Press “Apply” to finish the malware removal.

Now that the virus is removed, you need to remember which credentials you entered after clicking the spam message. Malware is not omnipotent and cannot steal logins and passwords that were not in use. So keep calm and change the login details that may have been compromised.


References

  1. About phishing methods and ways of counteraction.
  2. Detailed description of the banking trojans on Investopedia

About the author

Robert Bailey

I'm Robert Bailey, a passionate Security Engineer with a deep fascination for all things related to malware, reverse engineering, and white hat ethical hacking.

As a white hat hacker, I firmly believe in the power of ethical hacking to bolster security measures. By identifying vulnerabilities and providing solutions, I contribute to the proactive defense of digital infrastructures.
