A just-arrived spam claimed “Your Money on Bank Account has Been Stolen” and provided a link to a Chinese site for a free trial of “TrendMicro AntiSpyware.”
This spam has a German domain as the sender, a Polish mail server, a Chinese domain suffix, and an IP address in New Jersey, as the “legitimate” download link for software from security software firm Trend Micro. The email said it is from TrendMicro Asia, obviously to make the viewer more comfortable with visiting the dot-cn domain for the download.
Any comfort one has should end upon visiting the link, trendmicroinc.cn. It’s a complete copy of the real Trend Micro site. A prominent image on the home page provides a direct link to downloading the anti-spyware product.
As with many phishing scams, the grammar usage of the phish contains enough problems that a wary reader should spot it quickly as a fake. The subject line as noted above should be an immediate tipoff; why would Trend Micro tell someone about their bank account?
After the subject line, the phish looks very good. It appears to be a copy of Trend Micro promotional boilerplate in English. That would explain how it waltzed past a couple of layers of anti-spam protection without a problem.
We’re passed the message along to Trend Micro and a couple of other helpful sources online to deal with the issue.