In a particularly callous move, online criminals are currently distributing malware emails that supposedly contain a funeral invoice in an attached file.
The emails, which claim to be from ‘Funeral Account Recovery’ and have a subject line that appears to contain an invoice number, ask you to open an attached file to view a letter. Recipients who have recently lost a loved-one may be especially vulnerable to this ruse.
If you open the attached .zip file, you will find that it contains a javascript (.js) file. If you then click the .js file, malware may be installed on your Microsoft Windows based computer. Once installed, the malware may join the infected computer to a botnet and download further malware.
This ruse is not unprecedented. In early 2014, malware emails purporting to be from various funeral homes were being distributed. These fake funeral notices contained links to websites that harboured malware.
EXAMPLE:
From: Funeral Account Recovery
Subject: Inv. 75344Please see attached letter.
—
Jill [Surname removed]
Funeral Account Recovery
Last updated: March 1, 2016
First published: March 1, 2016
By Brett M. Christensen
About Hoax-Slayer
References
Bogus Funeral Notification Emails Point to Malware
Malware Threat Articles
Malicious spam with zip attachments containing .js files
Original Source : https://www.hoax-slayer.net/funeral-account-recovery-malware/