A spam campaign targeting German users has increased its chances of successfully tricking users into installing malware , by embedding several pieces of the victim 's personal information into its poisoned email messages . The campaign , which has been active since at least January 2017 , begins when a user receives an email written entirely in German . Its message informs the recipient they 've attempted to pay for something online but that the transaction did not complete successfully The user must re-submit payment , the email demands , otherwise they could be penalized by a collection agency or even law enforcement . Sample of spam message seen targeting German users . Most of us know better than to fall for this type of scam , and the attackers know it . Which is why they 've outfitted Attack.Phishing their attack emails with a technique that 's designed to convince Attack.Phishing the recipient the notice is legitimate . Andrew Brandt , director of threat research at Symantec , elaborates on this point in a blog post : `` The key detail of each message was the fact that the recipient ’ s full name , mailing address , and telephone number were embedded in the middle of the message . '' Brandt does n't elaborate on how the attackers obtain Attack.Databreach users ' personal information . Technically , bad actors can use Google and other tools to easily find these details . Seeing your personal information is enough to sway most users , so much so that a recipient would probably open the double-zipped attachment and thereby expose themselves to Nymaim.B . For its command and control ( C & C ) server , this banking trojan uses afegesinge [ dot ] com . At one point in time , 13 other malware executables communicated with it . Back in April 2016 , for instance , BBC News reporter Shari Vahl and ZDNet journalist Zack Whittaker separately spotted malicious emails in their inboxes that said they owed money to a collection agency , and included their real-life address information to make the messages appear more convincing . Unlike the German campaign , however , the UK attack Attack.Phishing sought to trick Attack.Phishing users into clicking on links that led them to Maktub ransomware . No matter how convincing an email seems to be , it always pays to double check these kinds of claims by calling the company purportedly making the claim to confirm the message ’ s authenticity ( or to prove that it is false ) . '' Aside from confirming with the alleged sender , users should maintain an up-to-date security solution on their computers , implement software updates as soon as they become available , and delete any suspicious emails .