This email, which purports to be from UK Government department Companies House, supposedly contains important and confidential company documents in an attached file. The email claims that you must scan the attached documents and fax them to a specified number.
The emails appear to come from a genuine .gov.uk address and includes a genuine Companies House phone number. At first glance, it may appear to be a real Companies House notification.
However, the email is not from Companies House and the attachment does not contain company documents as claimed. The email address is spoofed to make it appear legitimate. The attachment contains malware. If you open the attached .zip file, you will find a malicious .exe file inside. Clicking this .exe file can install the malware on your computer. Once installed, the malware may download further malware that can steal personal and financial information such as account passwords and connect to remote servers operated by online criminals.
Companies House is a UK government entity that ‘incorporates and dissolves limited companies, registers the information companies are legally required to supply, and makes that information available to the public’. Thus, at least a few people who own or work for companies in the UK may believe that the email is genuine and inadvertently install malware on their computers.
This campaign is not unprecedented. Another malware email, which was hitting inboxes back in 2013, also claimed to be from Companies House. The earlier version falsely claimed that a complaint had been made against the recipient’s company and contained malware in an attached file.
Be wary of any email that claims to be from Companies House and instructs you to click a link or open an attached file to view documents or supply information. Some of these fraudulent emails may carry malware. Others may be phishing scams designed to trick you into providing personal and financial information to online criminals.
Example
Company Documents
Case: C8822143
Please scan attached document and fax it to [removed].
All web filed documents (with the exception of downloaded accounts templates) are available to view / download for 10 days after their original submission. Once accepted, these changes will be displayed on the public record. Not yet filing your accounts online? See how easy it is… For enquiries, please telephone the Service Desk on [removed] or email [removed] This email was sent from a notification-only email address which cannot accept incoming mail. Please do not reply directly to this message.
Yours faithfully
[Name Removed]
Senior Manager
Companies House
[Removed]@gov.uk
Calls may be monitored or recorded in case we need to check we have carried out your instructions correctly and to help improve our quality of service.
©2014 Companies House. All rights reserved.
Attachment: CASE_C8822143.zip contains CASE_C9FD9DSGF0F.exe
Original Source : https://www.hoax-slayer.net/fake-companies-house-important-documents-email-contains-malware/