Phishing scams are one of the most common forms of online fraud today. Typically executed through email, phishing scams deceive recipients into believing the email originates from a legitimate source, such as a reputable company, government agency, or even a well-known individual. The goal is to trick the user into revealing sensitive information, installing malware, or following malicious instructions that can compromise their personal or financial security.
The Purpose of the Scam
The primary goal of phishing scams like the one being discussed here is to deceive users into downloading malicious software or providing access to personal and financial information. These scams typically work by pretending to be a legitimate business communication that urges immediate action. In the case of the “New Order from Start Group S.R.L Email Scam,” the intent is to trick the recipient into opening malicious attachments or following harmful instructions.
Cybercriminals use these types of email scams to:
- Install malware such as ransomware, which locks users out of their systems until a ransom is paid.
- Steal banking credentials, credit card information, or login details to websites.
- Obtain access to personal data that can be sold on the dark web.
How the Scam Infiltrates Systems
In this scam, the phishing email comes disguised as an official communication from “Start Group S.R.L,” a seemingly legitimate business. The email subject might suggest a new order, invoice, or urgent payment request, creating a sense of urgency in the recipient. The email address often looks legitimate but will have subtle irregularities, such as being sent from an unrecognized domain (e.g., startgroup-order.com instead of an official business domain).
The body of the email will include specific instructions, urging the user to download an attached file—likely a PDF, DOCX, or ZIP archive—or click a link to verify or manage the alleged order. The email might include details like order numbers, shipment details, or other business-related terms to make it look more credible.
Once the recipient clicks the attachment or link, their system may become infected with malware that can steal data, spy on activity, or encrypt files until a ransom is paid.
The Specific Threat in the “New Order from Start Group S.R.L” Scam
The phishing email described in this case typically originates from an address that looks like it’s from a business related to Start Group S.R.L., but further inspection shows inconsistencies that should alert users. The sender’s email address in this scam is often order@startgroup-orders.com, a suspicious variant of a legitimate-sounding business name.
The email contains instructions to download an attached file, which supposedly contains information about a new order or delivery. The text usually urges the recipient to act quickly, citing delivery delays or pricing errors, causing them to feel compelled to open the document immediately.
However, the attachment is malicious and, when opened, installs malware onto the user’s system. The primary purpose of this scam is to install malware such as ransomware or spyware, which gives the attackers control over your files, keystrokes, and sensitive data.
Text presented in the “Price And Delivery Time” email letter:
Subject: New Order from Start Group S.R.L
Good morning,
I am Mrs. Elena Cristea from Start Group S.R.L located in Romania. Attached is the order I sent to you last month without a response. Would you please quote your price and delivery time for the following items in the attached order?
I appreciate your co-operation in advance.
Elena Cristea
Purchase Manager
STAR T GROUP S.R.L.
Delea Veche 12, building A, office 4-2, Sector 3
Bucharest, Romania
Tel : +40 478 246 150
Web: www.startgroup.ro
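The two warning signs described above, a sender domain that does not match the company domain given in the signature and an attached PDF, DOCX, or ZIP file, can be checked automatically. The following is an added example, not part of the original article; the function name `triage`, the header layout, the recipient address, and the attachment name are constructed for illustration.

```python
import re
from email import message_from_string, policy
from email.utils import parseaddr

RISKY_EXT = (".pdf", ".docx", ".zip")  # attachment types named in the article

# Constructed sample based on the message text quoted above; the recipient,
# MIME layout, attachment name and attachment body are made up.
SAMPLE = """\
From: Elena Cristea <order@startgroup-orders.com>
To: sales@example.com
Subject: New Order from Start Group S.R.L
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Good morning,
Attached is the order I sent to you last month without a response.
Web: www.startgroup.ro
--b1
Content-Type: application/zip
Content-Disposition: attachment; filename="New_Order.zip"

constructed-placeholder
--b1--
"""

def triage(raw):
    """Return a list of reasons this message deserves a closer look."""
    msg = message_from_string(raw, policy=policy.default)
    findings = []
    sender_domain = parseaddr(str(msg["From"]))[1].rpartition("@")[2].lower()
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    # Compare the sender domain with any web site the message claims as its own.
    for claimed in re.findall(r"\bwww\.([a-z0-9.-]+\.[a-z]{2,})", text.lower()):
        if sender_domain != claimed and not sender_domain.endswith("." + claimed):
            findings.append(f"sender domain {sender_domain} != signature domain {claimed}")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if name.endswith(RISKY_EXT):
            findings.append(f"risky attachment type: {name}")
    return findings

if __name__ == "__main__":
    for reason in triage(SAMPLE):
        print("FLAG:", reason)
```

A domain mismatch alone does not prove fraud, since legitimate senders sometimes use separate mail domains, so treat each finding as a prompt to verify the order through a known contact before opening the attachment.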
Common Reasons for Encountering This Scam
Users may encounter this phishing scam if they:
- Have recently made online purchases or interacted with businesses that provide shipping or delivery services.
- Frequently deal with orders and invoices in a business setting, making them more likely to open a file without second-guessing.
- Have been browsing insecure websites or have shared their email on platforms vulnerable to phishing attacks.
Similar Phishing Threats
Other phishing emails that share similar patterns include:
- Fake delivery notifications from courier services like DHL, FedEx, or UPS.
- “Invoice overdue” emails pretending to come from vendors or service providers.
- Emails claiming to offer job opportunities or asking for document submissions.
Comprehensive Removal Guide
If you have interacted with the malicious email or opened the attachment, you may have already downloaded malware onto your system. Below is a step-by-step guide to remove the associated malware and secure your device:
Step 1: Disconnect from the Internet
Immediately disconnect your computer from the internet. This prevents the malware from sending information to the attackers or downloading more malicious components.
Step 2: Boot into Safe Mode
- Restart your computer.
- During the restart, press F8 repeatedly to bring up the “Advanced Boot Options.”
- Select “Safe Mode with Networking” so that you can access removal tools while preventing the malware from fully interacting with your system.
Step 3: Run Anti-Malware Software
Download a trusted anti-malware tool, such as SpyHunter, which can help you scan for and remove all malicious files and programs.
- Download SpyHunter by visiting its official website.
- Install the program and run a complete system scan.
- Review the scan results, and quarantine or delete all identified threats.
Step 4: Remove Suspicious Programs Manually
- Open the "Control Panel" and go to "Programs and Features" or "Add/Remove Programs."
- Look for any suspicious or unfamiliar software installed around the time you interacted with the phishing email.
- Right-click on the suspicious program and click "Uninstall."
Step 5: Delete Temporary Files
Malware often hides in temporary files. Use the following steps to delete them:
- Press the Windows Key + R to open the "Run" command.
- Type "temp" and press Enter. Delete all files in the folder.
- Repeat the process for "%temp%" and "prefetch."
Step 6: Reset Web Browser Settings
If you clicked a malicious link, your browser settings may have been altered. To reset:
- Open your browser settings (e.g., Chrome > Settings).
- Scroll down to "Advanced" settings and click "Restore settings to their original defaults."
Step 7: Update All Passwords
If you suspect that sensitive information was compromised, immediately update your passwords. Make sure to use strong, unique passwords for all accounts, especially email, banking, and social media.
Preventing Future Phishing Attacks
To avoid falling victim to phishing scams in the future, follow these safety tips:
- Verify Email Addresses: Always check the sender’s email address for inconsistencies.
- Don’t Click on Suspicious Links: If something seems off, don't click links or open attachments.
- Use Anti-Malware Software: Keep anti-malware software like SpyHunter up to date and regularly run system scans.
- Enable Multi-Factor Authentication: Wherever possible, enable two-factor authentication to protect your accounts.
- Be Skeptical of Urgency: Scammers often create a false sense of urgency. Always take time to verify before acting.
To ensure your system is free from all malware, download SpyHunter and scan your computer for free. With its advanced malware detection capabilities, it can effectively protect your system from threats like the "New Order from Start Group S.R.L Email Scam."