{"id":50,"date":"2019-04-06T19:33:14","date_gmt":"2019-04-06T19:33:14","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=50"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"\"Billing-Status-Overdue\";-Emails-Contain-Macro-Malware","status":"publish","type":"post","link":"http:\/\/www.syyhoaxanalyzer.com\/?p=50","title":{"rendered":"&#8220;Billing Status Overdue&#8221;; Emails Contain Macro Malware"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nEmails claiming that your billing status is overdue urge you to open an attached &#8220;e-invoice&#8221; to review the outstanding balance.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe emails are not from any legitimate company and the attachments do not contain invoices. Instead, the \u00a0attached Microsoft Word documents contain malicious macros that, if enabled, can download and install malware.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"4870821038\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: Hoax-Slayer &#8211; Billing (16-10378) status is overdue<\/strong><\/p>\n<p>Dear Brett Christensen,<br \/>\nHoax-Slayer<\/p>\n<p>Attached is an e-invoice (6267463) that is due after 5 days that has an outstanding balance of A$ 1,136. We kindly ask you to inform us if there are any problems with the invoices in question and let us know when the remittance will be made.<\/p>\n<p>Kindly skip this letter if the deposit has already been processed. We know you have a lot of options and thank you for your business.<\/p>\n<p>Thank you.<\/p>\n<p>[Contact details removed]<\/p>\n<\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"5727909035\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nA series of  \u00a0emails that claim that you owe money to the sending company are currently hitting inboxes. The emails have a subject line that claims that you billing status is overdue and \u00a0includes \u00a0your name or business name along with a reference number for the supposed bill.<\/p>\n<p>The body of the emails lists the amount \u00a0of the outstanding bill and informs you that an &#8220;e-invoice&#8221; for the bill is contained in an attached file.<\/p>\n<p>The emails include \u00a0a signature section that list the name and contact details of the staff member and company that supposedly sent the invoice.<\/p>\n<p>However the emails are not from the companies named in the signature and the attachments do not contain invoices.  \u00a0Instead, the attached Microsoft Word documents contain malicious macros designed to install malware.<\/p>\n<p>The criminals behind this attack bank on the fact that at least a few recipients will open the attachment in the mistaken belief that they have been incorrectly billed.  \u00a0And, because the attachment is a seemingly innocuous Microsoft Word document, many may open it without due caution.<\/p>\n<p>If you do open the attachment, you will be prompted to enable macros, ostensibly because the document is &#8220;protected&#8221;.  \u00a0If you enable macros as requested, a malicious macro will then \u00a0download and install malware. The exact purpose of this malware may vary. The malware may be ransomware that can lock your computer&#8217;s files and then demand a fee to receive an unlock key. Or it may be malware that can steal sensitive information such as banking passwords from your computer.<\/p>\n<p>Be very cautious \u00a0of any email that claims that you need to \u00a0enable macros to view an ordinary document <a title=\"Loads Of Macro Malware 'Invoice' Emails Hitting Inboxes\" href=\"http:\/\/hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">such as an invoice<\/a>. There is no reason why you should need macros to view such documents. Unless you have a specific need to use \u00a0them, it is best to leave macros disabled by default.<\/p>\n<p>If you are unfamiliar with macros and the security threats they pose, \u00a0you can read more about them in this <a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">earlier Hoax-Slayer article<\/a>.<\/p>\n<p>Note that details such as the name and \u00a0contact information \u00a0of the sending \u00a0company and the amount of the supposed bill may vary in different versions of these emails.  \u00a0To make their claims seem more believable, the criminals have \u00a0used the names and details of real companies in their malware messages.<\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2351\" data-permalink=\"https:\/\/www.hoax-slayer.net\/billing-status-overdue-emails-contain-macro-malware\/billing-status-overdue-macro-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1.jpg\" data-orig-size=\"800,512\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"billing-status-overdue-macro-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1-300x192.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1.jpg\" class=\"aligncenter size-full wp-image-2351\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1.jpg\" alt=\"Billin status overdue malware email\" width=\"800\" height=\"512\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1-300x192.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/09\/billing-status-overdue-macro-malware-1-768x492.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p class=\"date\">Last updated: September 21, 2016<br \/>\nFirst published: September 21, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">Macro Virus Threat Returns &#8211; Beware Emails With Malicious Word Attachments<\/a><br \/>\n<a title=\"Loads Of Macro Malware 'Invoice' Emails Hitting Inboxes\" href=\"http:\/\/hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">Loads Of Macro Malware &#8216;Invoice&#8217; Emails Hitting Inboxes<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/billing-status-overdue-emails-contain-macro-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/billing-status-overdue-emails-contain-macro-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Emails claiming that your billing status is overdue urge you to open an attached &#8220;e-invoice&#8221; to review the outstanding balance. Brief Analysis: The emails are not from any legitimate company and the attachments do not contain invoices. Instead, the \u00a0attached Microsoft Word documents contain malicious macros that, if enabled, can download and install malware. [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-50","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/50"}],"collection":[{"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=50"}],"version-history":[{"count":0,"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/50\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=50"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=50"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=50"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}