The Utility Regulation and Competition Office (OfReg) would like to inform the public that we were notified of a widely circulating ‘Phishing Email’ campaign targeted at both the public and private sectors across the Cayman Islands.
What is a Phishing Email
Phishing emails are often referred to as fake, spam and suspicious emails. The purpose of phishing emails is to encourage and persuade you to compromise your personal data or your organisation’s security by asking you to reveal passwords, personal information or financial information, to transfer funds, to visit fake websites, to click on malicious links, to open malicious files and the like.
What to Look out for
Simple tips you can use to spot phishing emails include: hovering your cursor over the link, checking the sender's email address carefully, and looking out for emails which convey a sense of urgency or include threats.
This particular ‘Phishing Campaign’ includes an attached file.
The .ZIP file is suspected to contain an Excel file with malicious macros, which would likely execute the malicious payload upon opening.
The Excel attachment has been named to appear relevant.
The actual file name of the Malicious File used in the Phishing Campaign is:
Archive: Compensation_Reject_163807...9142020.zip (72.4 KB), flagged Malicious
File: Compensation_Reject_1638072810_09142020.xls (110.5 KB), flagged Malicious
Result: macro - archive - malicious formula
The subject of the email may be:
Subject: Re: RE: Statement from ABCDEFG LTD.
What to do if you have received the Phishing Email:
1. You should provide your personnel with regular cyber awareness training. Regarding this particular ‘Phishing Email’ campaign, your personnel should be advised that if they receive the suspicious email, they should not open the email attachment or click on the link in the email.
2. If any of your personnel have already mistakenly opened the attachment or clicked on the link, you should immediately turn off your computer and seek assistance from your IT Department.
3. If any of your personnel have received the email and have not opened it or clicked on the attachment/link, then report it immediately to your IT Department, Line Manager or the nearest police station.