Subscriber Discussion

Infected Email From Hikvision (Ahmed Faris)

Karsten Kirchhof
Feb 11, 2018

 I got an infected email from Hikvision:

Details:
From: Financial Department Devision <Ahmed.faris@hikvision.com>
Date: Sun, 11 Feb 2018 01:45:35 -0800
Subject: RE: URGENT REVISED INVOICE CONFIRMATION
If you know the sender personally, you should let them know that their PC or mobile device may be infected with a virus.

It's been deleted by my email provider.

Anybody else?

Undisclosed #1
Feb 11, 2018

Karsten, do you know or have any previous contact with this Ahmed Faris?

Karsten Kirchhof
Feb 11, 2018

No, never had any contact with Ahmed Faris, nor Hikvision directly.

Jon Dillabaugh
Feb 11, 2018
Pro Focus LLC

It’s not likely that this message actually came from Hikvision. Do you have the entire message header?

Undisclosed Integrator #2
Feb 11, 2018

I usually get those from Fedex and UPS.  

You know, download the shipping attempt document.

track@upsinc.com and such ;)

Karsten Kirchhof
Feb 12, 2018

Hikvison Financial Notice

 

I tried to answer, but...:

 

This is the mail system at host presg-eu-00.hikvision.com.

I'm sorry to have to inform you that your message could not
be delivered to one or more recipients. It's attached below.

For further assistance, please send mail to postmaster.

If you do so, please include this problem report. You can
delete your own text from the attached returned message.

The mail system

<Ahmed.faris@hikvision.com>: host 10.1.208.143[10.1.208.143] said: 550 5.1.1
Error: invalid recipients is found from 10.1.208.144 (in reply to RCPT TO
command)

 

 

Header and Hikvision MENA address are correct.

Just a few days after Intersec in Dubai, the timing nearly made me walk into the trap, but obviously there is no Ahmed Faris at Hikvision.

It seems to be just some standard fake mail.

THX, Jon.
