{"id":1059,"date":"2019-04-06T19:33:30","date_gmt":"2019-04-06T19:33:30","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=1059"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Bogus-Australian-Recoveries-'Final-Notice'-Email-Points-to-Malware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=1059","title":{"rendered":"Bogus Australian Recoveries &#8216;Final Notice&#8217; Email Points to Malware"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\n&#8216;Final Notice&#8217; email purporting to be from a collections agency called &#8216;Australian Recoveries&#8217; claims that you owe money to Parking Patrols Victoria and should click a link to download your infringement notice.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe email is not a legitimate debt collection notice. The link in the email opens a website that attempts to trick you into downloading a .zip file. The .zip file contains a malicious JavaScript file that can download and install malware.<\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: Australian Recoveries &#8211; FINAL NOTICE 8847-7983<\/strong>Dear Sir\/Madam,FINAL NOTICERE: PARKING PATROLS (VIC) PTY LTD<br \/>\nClaim No: Amount: $55.60<br \/>\nPayment Notice id: Issue Date 03\/31\/2016<br \/>\nDeadline: 04\/07\/2016Funds for the Payment order that you created hasn&#8217;t been received.<\/p>\n<p>If you are responsible for this payment order, and judicial procedure have been taken to recover the the debt,<\/p>\n<p>legal fees and interest charge may be incurred. The restoration of these charges can be enforced. !!!<\/p>\n<p>We are writing to you because, PARKING PATROLS (VIC) PTY LTD has given us a fine penalty.<br \/>\nWe remind you that you have a deadline to pay the fine (or appeal against it) until 04\/07\/2016,<\/p>\n<p>otherwise the fine will increased up to $ 88.<\/p>\n<p>In case of ignoring this message legal action will be taken against you, as well as the all the expanses for the law suit, \u00a0penalties and fees may apply.<\/p>\n<p>To discover more details you need to cheack out your own infringement notice:<\/p>\n<p>[Link removed]<\/p>\n<p>==<br \/>\n[Name Removed]<br \/>\nCollections Officer<br \/>\n[Removed]<\/p>\n<\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"5727909035\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to this email, which \u00a0claims to be \u00a0a &#8216;final notice&#8217; from a collections agency called Australian Recoveries, you own money to Parking Patrols Victoria for parking fines. The rather threatening email claims that, if you don&#8217;t pay by the specified deadline, the debt will increase and legal action will be taken against you.<\/p>\n<p>The message urges you to click a link to discover more details about the supposed infringement notice.<\/p>\n<p>However, the \u00a0email is certainly not a legitimate debt collection agency notification.<\/p>\n<p>If you do click the link, you will be taken to a website that appears to belong to the collections agency.  \u00a0Once on the site, you will be prompted to download a .zip file that supposedly contains your \u00a0infringement notice.<\/p>\n<p>But, if you open this .zip file, you will find that it contains a JavaScript (.js) file. If you then click the .js file, malware may be downloaded and installed on your computer.<\/p>\n<p>The \u00a0exact malware payload may vary.  \u00a0But, it is most \u00a0probably a version of the <a title=\"\u00e2\u20ac\u0153Locky\" ransomware \u00e2\u20ac\u201c what you need to know\" href=\"https:\/\/nakedsecurity.sophos.com\/2016\/02\/17\/locky-ransomware-what-you-need-to-know\/\">Locky ransomware<\/a>. Once installed, Locky will encrypt all of the \u00a0files on your computer and then demand a ransom to receive an encryption key.<\/p>\n<p>If you receive one of these emails, do not click any links \u00a0or open any attachments that it contains.<\/p>\n<div align=\"center\">\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1358951439\"\n     data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p> <a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1.jpg\" data-rel=\"penci-gallery-image-content\"  rel=\"attachment wp-att-696\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"696\" data-permalink=\"https:\/\/www.hoax-slayer.net\/dvsa-receipt-malware-email\/bomb-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1.jpg\" data-orig-size=\"800,698\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"bomb-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1-300x262.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1.jpg\" class=\"aligncenter size-full wp-image-696\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1.jpg\" alt=\"Malware Bomb Concept\" width=\"800\" height=\"698\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1-300x262.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1-768x670.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/bomb-malware-1-229x200.jpg 229w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p class=\"date\">Last updated: April 1, 2016<br \/>\nFirst published: April 1, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"\u00e2\u20ac\u0153Locky\" ransomware \u00e2\u20ac\u201c what you need to know\" href=\"https:\/\/nakedsecurity.sophos.com\/2016\/02\/17\/locky-ransomware-what-you-need-to-know\/\">\u00e2\u20ac\u0153Locky&#8221; ransomware \u00e2\u20ac\u201c what you need to know<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/bogus-australian-recoveries-final-notice-email-points-to-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/bogus-australian-recoveries-final-notice-email-points-to-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: &#8216;Final Notice&#8217; email purporting to be from a collections agency called &#8216;Australian Recoveries&#8217; claims that you owe money to Parking Patrols Victoria and should click a link to download your infringement notice. Brief Analysis: The email is not a legitimate debt collection notice. The link in the email opens a website that attempts to [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1059","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1059"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1059"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1059\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1059"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1059"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1059"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}