Crimson International Scam Email - Don't Get Infected!

E-mail scams and phishing attempts are becoming increasingly common as cybercriminals look to trick unsuspecting victims into compromising their systems or disclosing sensitive information. One such scam that has been circulating recently involves emails that pretend to be from the pharmaceutical company Crimson International.

This article contains:

Overview of the Crimson International Email Scam

This fraudulent email claims to contain information about a pharmaceutical order from Crimson International. The email uses the company’s name and branding to appear legitimate at first glance.

The subject line of the email reads “Pharmaceutical order from crimson international.” The body contains a short message claiming they have a revised order and are requesting a price quote and certificate of analysis (COA).

However, upon closer inspection it becomes clear this is not a real communication from Crimson International. The email contains several red flags that indicate it is malicious spam or phishing attempt.

Some of the signs this email is a scam include:

Generic greeting without using the recipient’s name
Poor grammar and spelling errors
Requests sensitive information like pricing and certificates
Attachment with a potentially malicious file

The attachment that is sent with the email often contains malware or a remote access Trojan (RAT) that can infect the victim’s computer if opened. The specific malware being distributed is believed to be the Agent Tesla RAT.

This allows the attackers to gain full access to an infected system, allowing them to steal data, install more malware, or utilize the victim’s computer for their own criminal purposes.

It is important to note that this malicious email is not associated with the real Crimson International pharmaceutical company in any way. The scammers are simply impersonating the company in order to trick people.

Criminal Motives Behind the Scam

Cybercriminals orchestrate email scams like this Crimson International phishing attempt for a few key reasons:

Financial fraud – Getting access to business systems can allow scammers to conduct invoice or payment fraud, redirect transactions, or steal banking credentials.
Malware distribution – Sending malware like Agent Tesla through phishing emails allows it to bypass many email security filters and infect more victims.
Corporate data theft – Once inside an organization’s network, the attackers can exfiltrate sensitive data like customer info, trade secrets, intellectual property, and more. This data can sometimes be sold to competitors or other criminal groups.
Use of infected computers – Computers infected with the RAT can be added to a botnet, which are networks of devices under the control of cybercriminals. Botnets can be leveraged for sending more spam, distributed denial of service attacks (DDoS), cryptocurrency mining, and other illicit money making schemes.

As you can see, the operators behind phishing scams like this one can benefit in numerous ways if victims are tricked into opening the malicious emails and attachments. This results in very real financial and data security consequences.

How the Crimson International Scam Works

Now that we have covered an overview of the scam, let’s look closer at how the phishing attempt works and tricks users into compromising their systems:

1. Scammers Send Mass Emails Impersonating a Company

The cybercriminals begin by crafting emails that masquerade as a legitimate business communication. In this case, they pose as Crimson International, a real pharmaceutical company, in order to appear trustworthy to recipients.

The email is made to look like it is coming from an employee or representative of Crimson International requesting a revised price quote and certificate of analysis for an order.

Of course, the contact information in the headers will actually point back to the scammer’s servers, not Crimson International’s real email addresses. But this is designed to fool casual glance.

2. Recipient Opens Email Thinking it is Legitimate

When victims first see the email in their inbox, they are likely to open it without initially realizing it is malicious.

The phishing email has no obvious red flags at first glance. The average person is not analyzing header information or scrutinizing every email they receive claiming to be from a legitimate company.

Seeing Crimson International in the subject line and content, many will open the email thinking it is a normal business communication.

3. Malware Attachment Infects Victim’s Computer

Once opened, the email instructs the recipient to review the attached document which supposedly contains details about the pharmaceutical order being discussed.

However, this attached document in actuality contains malware – specifically the Agent Tesla remote access Trojan. Agent Tesla is the payload the cybercriminals are distributing through this phishing scam.

If the victim clicks and opens the attachment, the Agent Tesla malware will automatically execute and install itself on their system without the need for any action. The malware infection will then provide full remote control of the system to the attackers.

4. Criminals Use Illicit Access Against the Victim

From this point on, the possibilities are frightening for what the criminals can do after compromising the victim’s computer.

Having installed the RAT malware, the attackers now have:

Remote desktop control to manipulate the infected system at will
Tools to start exfiltrating any data stored on the system
Ability to download additional malware payloads
Capacity to monitor users’ activities through keylogging and other surveillance tools
An infected endpoint they can leverage as part of a botnet

The victim’s antivirus software and firewalls are rendered useless since the malware is already installed and often uses evasion techniques to avoid detection.

The hackers can then steal passwords, transfer funds, or collect sensitive corporate data at their leisure. Or they may opt to just sell access to other criminal groups on dark web markets who will in turn abuse the compromised system.

Either way, the consequences can be severe once the malicious attachment from the phishing email is opened. This gives the scammers backdoor access into both personal and enterprise networks.

Optimizing Defenses Against the Crimson International Scam

Now that you understand how this scam works and the criminal motivations behind it, it’s crucial to know how to optimize defenses to avoid falling victim. Here are some best practices individuals and organizations should follow:

Carefully Inspect Unexpected Emails Claiming to be From Companies

The foundation of phishing defense is training email users to scrutinize any unexpected messages purporting to be from a legitimate business.

Look for typos, grammar mistakes, generic greetings, and requests for sensitive information or action – these are common red flags. Also verify the sender’s email address looks accurate if unsure.

Even emails mentioning your company’s name specifically in the subject or content could be spoofed. Approach with caution.

Avoid Opening Attachments From Unknown Senders

Users should develop a mindset of always distrusting attachments in emails, especially from unfamiliar contacts. This simple habit could prevent infection in many phishing incidents.

When attachments must be opened, you can try to preview the file type icon first instead of enabling macros or plugins. Be on high alert for anything suspicious.

Install and Update Antivirus and Anti-Malware Tools

Security software with real-time protection and scanning can potentially detect known threats in emails and attachments before they reach users’ inboxes.

Make sure all antivirus and anti-malware programs are patched with the latest definitions to identify new phishing techniques and malware strains as they emerge.

Use Email Filtering Tools To Identify Phishing Attempts

Dedicated email security solutions can automatically detect potential phishing emails using a combination of tactics like header analysis, content inspection, machine learning, and blacklist databases.

Tools like DMARC, DKIM, and SPF can also help validate legitimate emails and block spoofs. This acts as an additional filtering layer against phishing.

Limit Public Email Posting and Sharing

Be careful about posting generic company email addresses publicly online or sharing them outside trusted recipients. This makes it easier for scammers to harvest valid business emails and use them as phishing targets.

Educate Employees on Phishing Threats

Ongoing user education is critical to help staff recognize subtle phishing indicators that automated systems may miss. Teach employees how to scrutinize emails and safely handle attachments to create a human firewall.

Combining the above technology solutions and user training best practices will help significantly improve resilience against phishing campaigns like the fake Crimson International emails. Staying vigilant and keeping systems patched and secured is key to protecting against evolving cybercriminal tactics.

What to do if You Have Fallen Victim to This Scam

If you believe you have been compromised by opening the attachment in the Crimson International phishing email, here are the steps you should take right away:

1. Disconnect Your Device From Networks Immediately

If your system has been infected with malware like Agent Tesla, one of the worst things you can do is continue having that system connected to business networks or the internet. This allows the attackers to leverage and abuse your device remotely.

Unplug the system from wired connections, disable Wi-Fi, and generally air gap the device as much as possible to cut off criminal access. This limits the damage that can be done.

2. Reset Passwords for All Systems and Accounts

With your device compromised, assume that any passwords, credentials, or other sensitive data stored on that system is potentially accessed by the attackers.

Work under the assumption your passwords are burned. Change the credentials on the infected system, email accounts, financial accounts, cloud services, or any other login that could be utilized by criminals who now have a backdoor into your device. Enable multi-factor authentication where possible.

3. Scan for More Compromised Devices on Your Network

There is a strong chance that your network has been more broadly compromised if you opened a phishing email attachment. Isolate and scan all your systems to check for additional malware infections that may have spread.

Look for signs of data exfiltration, unexpected encrypted files, unknown processes and services, suspicious network connections, or other IOCs that point to a wider breach. Take measures to detect lateral movement.

4. Wipe and Re-Image Infected Systems

For endpoints confirmed to be infected with malware, the only way to fully remediate is often to wipe the system completely and re-image it from a known good backup or source image file.

Simply running antivirus scans or deleting individual files is often not enough, as sophisticated malware can embed itself at a system level. Full wipes reduce the risk of reinfection from remnants.

5. Reset Compromised Credentials a Second Time

Once you have wiped infected systems and restored them to a clean state, you must now reset all credentials again. This ensures any credentials that may have been harvested during the breach are cycled out and invalidated. Enable multi-factor authentication wherever possible.

6. Notify Contacts of Potential Data Compromise

If sensitive customer data, intellectual property, financial information, or other private records were potentially accessed in the breach, you may have regulatory and compliance obligations to notify impacted individuals and partners. Follow breach disclosure laws and consult experts as needed on notification requirements.

7. Engage Incident Response and Forensics Firms

For more severe enterprise compromises, it is often wise to enlist outside cybersecurity incident response teams and digital forensics firms to fully identify root causes, quantify potential data loss, and implement recovery processes. They can also help address legal and regulatory duties in large-scale breaches.

Recovering from a malware infection requires time and dedication. But following these steps can help minimize damage, restore systems, reset credentials, identify areas of persistence, and prevent future failings of a similar nature. Don’t delay in taking swift action at the first sign of compromise.

Is Your Device Infected? Check for Malware

If your device is running slowly or acting suspicious, it may be infected with malware. Malwarebytes Anti-Malware Free is a great option for scanning your device and detecting potential malware or viruses. The free version can efficiently check for and remove many common infections.

Malwarebytes can run on Windows, Mac, and Android devices. Depending on which operating system is installed on the device you’re trying to run a Malwarebytes scan, please click on the tab below and follow the displayed steps.

Malwarebytes For WindowsMalwarebytes For MacMalwarebytes For Android

Scan your computer with Malwarebytes for Windows to remove malware

Malwarebytes stands out as one of the leading and widely-used anti-malware solutions for Windows, and for good reason. It effectively eradicates various types of malware that other programs often overlook, all at no cost to you. When it comes to disinfecting an infected device, Malwarebytes has consistently been a free and indispensable tool in the battle against malware. We highly recommend it for maintaining a clean and secure system.

Download Malwarebytes for Windows

You can download Malwarebytes by clicking the link below.

MALWAREBYTES FOR WINDOWS DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes)
Install Malwarebytes

After the download is complete, locate the MBSetup file, typically found in your Downloads folder. Double-click on the MBSetup file to begin the installation of Malwarebytes on your computer. If a User Account Control pop-up appears, click “Yes” to continue the Malwarebytes installation.
Follow the On-Screen Prompts to Install Malwarebytes

When the Malwarebytes installation begins, the setup wizard will guide you through the process.
- You’ll first be prompted to choose the type of computer you’re installing the program on—select either “Personal Computer” or “Work Computer” as appropriate, then click on Next.
- Malwarebytes will now begin the installation process on your device.
- When the Malwarebytes installation is complete, the program will automatically open to the “Welcome to Malwarebytes” screen.
- On the final screen, simply click on the Open Malwarebytes option to start the program.
Enable “Rootkit scanning”.

Malwarebytes Anti-Malware will now start, and you will see the main screen as shown below. To maximize Malwarebytes’ ability to detect malware and unwanted programs, we need to enable rootkit scanning. Click on the “Settings” gear icon located on the left of the screen to access the general settings section.

In the settings menu, enable the “Scan for rootkits” option by clicking the toggle switch until it turns blue.

Now that you have enabled rootkit scanning, click on the “Dashboard” button in the left pane to get back to the main screen.
Perform a Scan with Malwarebytes.

To start a scan, click the Scan button. Malwarebytes will automatically update its antivirus database and begin scanning your computer for malicious programs.
Wait for the Malwarebytes scan to complete.

Malwarebytes will now scan your computer for browser hijackers and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check the status of the scan to see when it is finished.
Quarantine detected malware

Once the Malwarebytes scan is complete, it will display a list of detected malware, adware, and potentially unwanted programs. To effectively remove these threats, click the “Quarantine” button.

Malwarebytes will now delete all of the files and registry keys and add them to the program’s quarantine.
Restart your computer.

When removing files, Malwarebytes may require a reboot to fully eliminate some threats. If you see a message indicating that a reboot is needed, please allow it. Once your computer has restarted and you are logged back in, you can continue with the remaining steps.

Your computer should now be free of trojans, adware, browser hijackers, and other malware.

If your current antivirus allowed this malicious program on your computer, you may want to consider purchasing Malwarebytes Premium to protect against these types of threats in the future.
If you are still having problems with your computer after completing these instructions, then please follow one of the steps:

Run a computer scan with ESET Online Scanner
Ask for help in our Windows Malware Removal Help & Support forum.

Scan your computer with Malwarebytes for Mac to remove malware

Malwarebytes for Mac is an on-demand scanner that can destroy many types of malware that other software tends to miss without costing you absolutely anything. When it comes to cleaning up an infected device, Malwarebytes has always been free, and we recommend it as an essential tool in the fight against malware.

Download Malwarebytes for Mac.

You can download Malwarebytes for Mac by clicking the link below.

MALWAREBYTES FOR MAC DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Mac)
Double-click on the Malwarebytes setup file.

When Malwarebytes has finished downloading, double-click on the setup file to install Malwarebytes on your computer. In most cases, downloaded files are saved to the Downloads folder.
Follow the on-screen prompts to install Malwarebytes.

When the Malwarebytes installation begins, you will see the Malwarebytes for Mac Installer which will guide you through the installation process. Click “Continue“, then keep following the prompts to continue with the installation process.

When your Malwarebytes installation completes, the program opens to the Welcome to Malwarebytes screen. Click the “Get started” button.
Select “Personal Computer” or “Work Computer”.

The Malwarebytes Welcome screen will first ask you what type of computer are you installing this program, click either Personal Computer or Work Computer.
Click on “Scan”.

To scan your computer with Malwarebytes, click on the “Scan” button. Malwarebytes for Mac will automatically update the antivirus database and start scanning your computer for malware.
Wait for the Malwarebytes scan to complete.

Malwarebytes will scan your computer for adware, browser hijackers, and other malicious programs. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Quarantine”.

When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes has detected. To remove the malware that Malwarebytes has found, click on the “Quarantine” button.
Restart computer.

Malwarebytes will now remove all the malicious files that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your computer.

Your Mac should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious program on your computer, you might want to consider purchasing the full-featured version of Malwarebytes Anti-Malware to protect against these types of threats in the future.
If you are still experiencing problems while trying to remove a malicious program from your computer, please ask for help in our Mac Malware Removal Help & Support forum.

Scan your phone with Malwarebytes for Android to remove malware

Malwarebytes for Android automatically detects and removes dangerous threats like malware and ransomware so you don’t have to worry about your most-used device being compromised. Aggressive detection of adware and potentially unwanted programs keeps your Android phone or tablet running smooth.

Download Malwarebytes for Android.

You can download Malwarebytes for Android by clicking the link below.

MALWAREBYTES FOR ANDROID DOWNLOAD LINK
(The above link will open a new page from where you can download Malwarebytes for Android)
Install Malwarebytes for Android on your phone.

In the Google Play Store, tap “Install” to install Malwarebytes for Android on your device.

When the installation process has finished, tap “Open” to begin using Malwarebytes for Android. You can also open Malwarebytes by tapping on its icon in your phone menu or home screen.
Follow the on-screen prompts to complete the setup process

When Malwarebytes will open, you will see the Malwarebytes Setup Wizard which will guide you through a series of permissions and other setup options.
This is the first of two screens that explain the difference between the Premium and Free versions. Swipe this screen to continue.

Tap on “Got it” to proceed to the next step.

Malwarebytes for Android will now ask for a set of permissions that are required to scan your device and protect it from malware. Tap on “Give permission” to continue.

Tap on “Allow” to permit Malwarebytes to access the files on your phone.
Update database and run a scan with Malwarebytes for Android

You will now be prompted to update the Malwarebytes database and run a full system scan.

Click on “Update database” to update the Malwarebytes for Android definitions to the latest version, then click on “Run full scan” to perform a system scan.
Wait for the Malwarebytes scan to complete.

Malwarebytes will now start scanning your phone for adware and other malicious apps. This process can take a few minutes, so we suggest you do something else and periodically check on the status of the scan to see when it is finished.
Click on “Remove Selected”.

When the scan has been completed, you will be presented with a screen showing the malware infections that Malwarebytes for Android has detected. To remove the malicious apps that Malwarebytes has found, tap on the “Remove Selected” button.
Restart your phone.

Malwarebytes for Android will now remove all the malicious apps that it has found. To complete the malware removal process, Malwarebytes may ask you to restart your device.

Your phone should now be free of adware, browser hijackers, and other malware.

If your current antivirus allowed a malicious app on your phone, you may want to consider purchasing the full-featured version of Malwarebytes to protect against these types of threats in the future.
If you are still having problems with your phone after completing these instructions, then please follow one of the steps:

Restore your phone to factory settings by going to Settings > General management > Reset > Factory data reset.
Ask for help in our Mobile Malware Removal Help & Support forum.

Here is an FAQ section about the Crimson International email scam:

Frequently Asked Questions

What is the Crimson International email scam?

This is a phishing scam where targeted emails are sent out pretending to come from the pharmaceutical company Crimson International. The emails discuss a fake revised order and contain infected attachments that install malware if opened.

What is the goal of this scam?

The cybercriminals aim to infect victims with remote access malware like Agent Tesla to steal data, install more malware, spy on users, or utilize compromised systems in other illegal cybercrime operations.

How does the scam email reach people’s inboxes?

The scammers use spoofed email headers and branding to pretend the message is from Crimson International. This tricks some email filters and users into believing the email is legitimate.

What should I do if I receive an email like this?

Do not open any attachments. Double check the sender address for accuracy if you are unsure. Report the email as phishing/spam. Delete the message and do not reply.

Can anti-virus or email security tools detect this scam?

In some cases yes, but cybercriminals constantly evolve their tactics to bypass filters. Users should still scrutinize emails in addition to security software.

What happens if a user opens the attachment?

The malware payload in the attachment infects their system. This allows remote access for criminals to steal data, install more malware, spy on users, or utilize the compromised computer for other illicit activities.

How can users recover if they opened the attachment?

Immediately disconnect the infected device from other networks. Reset ALL passwords. Wipe and re-image the compromised system. Scan other devices for infection. Notify contacts if sensitive data was exposed. Engage incident response teams as needed.

How can companies better protect against this scam?

Implement email filtering tools, keep antivirus software updated, provide effective phishing training to employees, avoid posting generic business emails publicly, and utilize multi-factor authentication.

Who should be notified about this scam?

Report the phishing attempt to your security team. Law enforcement agencies like the FBI that track cybercrime can also be notified to help prevent further spread of the scam.

Conclusion

Phishing emails impersonating legitimate companies continue to be a threat, as seen in the recent scam pretending to be Crimson International. The scam takes advantage of brand familiarity and Holder
our lack of scrutiny when receiving emails that appear to be from major corporations.

However, learning the common signs these phishing attempts exhibit allows us to be more discerning and identify the red flags. Avoiding opening attachments from unknown senders can also prevent infection.

Enterprises must couple these user education efforts with technological defenses like gateway email filtering, antivirus, and access controls to create defense in depth.

With proper layered security and vigilance, organizations can significantly reduce their risk of falling victim to phishing campaigns like this Crimson International scam email distributing Agent Tesla malware. But it requires active appraisal of inbound emails, patching systems, and enabling multi-factor authentication across the environment.

By understanding the scam tactics, strengthening email security posture, and training staff to identify subtle phishing indicators, companies can better defend their networks and data against unauthorized access attempts.

Here are 10 basic security tips to help you avoid malware and protect your device:

To avoid potential dangers on the internet, it's important to follow these 10 basic safety rules. By doing so, you can protect yourself from many of the unpleasant surprises that can arise when using the web.