Quotation Request Malicious Emails

After going over the email in question, we confirmed that "Quotation Request" is malicious spam, disguising itself as a potential purchase inquiry. The goal is to trick potential victims into opening the malicious attachment, leading to the infection of their devices with the Agent Tesla malware.

The spam email, with varying subjects like "Quotation Request April 2024," urges the recipient to review the attached document. This document purportedly contains a detailed request for a price quote, including specifications and quantities. Recipients are requested to provide their best available price along with direct contact information.

It's important to emphasize that this purported business proposal is fraudulent and has no affiliation with legitimate entities.

The attached file, named "Quotation.doc" (filename may vary), is infectious. Enabling macro commands (such as editing or content) upon opening triggers the download and installation of the Agent Tesla RAT (Remote Access Trojan). RATs are crafted to grant remote access/control over devices, with Agent Tesla particularly notorious for its data-stealing capabilities.

What Should You Do if You Opened a Malicious or Scam Email?

If you've inadvertently opened a malicious or scam email, here are steps you should take to mitigate any potential risks:

Disconnect from the Internet: Immediately disconnect your device from the internet to prevent further communication between your device and the attacker's server. This can help stop any ongoing data transmission or malware downloads.

Don't Interact with the Email: Refrain from clicking on any links, downloading attachments, or responding to the email. Any interaction with the email could potentially trigger malicious actions or confirm to the attacker that your email address is active.

Scan Your Device for Malware: Use reputable antivirus or anti-malware software to scan your device for any malicious software or files. Ensure your antivirus definitions are up to date before performing the scan.

Change Your Passwords: If you provided any personal information or credentials in response to the email, immediately change the passwords for the affected accounts. Additionally, consider changing passwords for other accounts as a precautionary measure.

Monitor Your Accounts: Regularly monitor your bank accounts, credit cards, and other financial accounts for any unauthorized transactions or suspicious activity. Report any suspicious activity to your financial institution immediately.

Report the Email: Report the malicious or scam email to your email provider as spam or phishing. Most email providers have built-in tools for reporting suspicious emails, which helps improve their spam filters and protect other users.

By taking swift and appropriate action, you can minimize the potential impact of opening a malicious or scam email and protect yourself against further threats.