The story begins with the soon-to-be-victim reading a mysterious email from a private eye:

I am working in a private detective agency. I can’t say my name now. I want to warn you that i’m going to overhear your telephone line. Do you want to know who is the payer? Wait for my next message.

P.S. I’m sure, you don’t believe me. But i think the record of your yesterday’s conversation will assure you that everything is real.

The mail has attached what it would seem as a password-protected RAR-archived MP3 file. However, this is in fact an executable program designed to install malware onto the victim’s computer. In the end, the victim is given the impression that the machine might be at risk (a fake Windows Security Center alert will make sure of that) and might be convinced that he/she must buy some fake security software in order the get rd of the problem.

"If you fall for the trick and try and listen to the alleged recordings of your phone conversations then you will actually be unwittingly installing malware directly onto your PC. Home users and businesses need to defend their email gateways with protection against the latest virus and spam attacks," said Graham Cluley, senior technology consultant at Sophos. "It may seem to hard to believe that anyone would fall for a trick like this, but it wouldn’t be a surprise if people tried to run the attachment just out of curiousity as to what it contained."

In end, it all comes down to the golden rule: don’t open attachments from unknown sources.