{"id":1071,"date":"2019-04-06T19:33:31","date_gmt":"2019-04-06T19:33:31","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=1071"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Bogus-Invoice-Emails-Contain-Macro-Malware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=1071","title":{"rendered":"Bogus Invoice Emails Contain Macro Malware"},"content":{"rendered":"<div>\n<p>Fake invoice emails that harbour macro malware continue to hit inboxes around the world. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>Many are brief messages like the example shown below:<\/p>\n<blockquote>\n<p><strong>Subject: \u00a0Paid Invoices<\/strong><\/p>\n<p>&nbsp;<\/p>\n<p>Dear ,<\/p>\n<p>&nbsp;<\/p>\n<p>Please read and ask me any questions.<\/p>\n<p>&nbsp;<\/p>\n<p>&gt; http:\/\/ [removed ]nvoices-Overdue\/<\/p>\n<p>&nbsp;<\/p>\n<p>Many Thanks<\/p>\n<p>Milenko [Surname Removed]<\/p>\n<\/blockquote>\n<p>The messages are designed to trick you into clicking a link. \u00a0If you do click, a seemingly \u00a0innocuous Microsoft Word document will be downloaded to your computer.<\/p>\n<p>Supposedly, the document contains details about overdue invoices. But, when you attempt to open the Word file, you will be prompted to enable content in order to view the document. \u00a0 The manner in which the &#8220;enable content&#8221; prompt is displayed may vary. \u00a0 Here is one example:<\/p>\n<p><a href=\"http:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"18063\" data-permalink=\"https:\/\/www.hoax-slayer.net\/bogus-invoice-emails-contain-macro-malware\/enable-content-malware-message\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message.jpg\" data-orig-size=\"800,611\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"enable-content-malware-message\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message-300x229.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message.jpg\" class=\"aligncenter size-full wp-image-18063\" src=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message.jpg\" alt=\"Enable Content Macro Malware Message\" width=\"800\" height=\"611\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message-300x229.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message-768x587.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message-500x382.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/02\/enable-content-malware-message-585x447.jpg 585w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p>If you follow the instructions in the message, you may not see any immediate change to the document. However, a malicious macro will run in the background. The macro will download and install various types of malware.<\/p>\n<p>This tactic is often used to distribute ransomware. \u00a0 Once installed, ransomware can lock up the files on your computer and then demand that you pay a fee to online criminals to receive a decryption key.<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p> In other cases, the malware may be designed to steal your online banking passwords and other sensitive personal information.<\/p>\n<p><a href=\"http:\/\/www.hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">Such malware attacks are very common<\/a>. Be wary of any message that claims that you must &#8220;enable content&#8221; or &#8220;enable macros&#8221; \u00a0 to view ordinary Microsoft Word documents such as invoices. There is no reason why such documents would need macros enabled.<\/p>\n<hr \/>\n<style>\n\t\t\t\t\t#wpsm_accordion_18065 .wpsm_panel-heading{\npadding:0px !important;\n}\n#wpsm_accordion_18065 .wpsm_panel-title {\nmargin:0px !important; \ntext-transform:none !important;\nline-height: 1 !important;\n}\n#wpsm_accordion_18065 .wpsm_panel-title a{\ntext-decoration:none;\ncolor:#ffffff !important;\nfont-size:18px !important;\ndisplay:block;\npadding:0px;\nfont-family: Open Sans !important;\npadding-top: 10px;\npadding-bottom: 10px;\nborder-bottom:1px solid  #ddd !important;<\/p>\n<p>}\n#wpsm_accordion_18065 .wpsm_panel-title a:hover,#wpsm_accordion_18065 .wpsm_panel-title a:visited, #wpsm_accordion_18065 .wpsm_panel-title a:focus {\n\tcolor:#ffffff !important;\n}\n#wpsm_accordion_18065 .acc-a{\n\tcolor: #ffffff !important;\n\tbackground-color:#0f0f0f !important;\n\tborder-color: #ddd;\n}\n#wpsm_accordion_18065 .wpsm_panel-default > .wpsm_panel-heading{\n\tcolor: #ffffff !important;\n\tbackground-color: #0f0f0f !important;\n\tborder-color: #0f0f0f !important;\n\tborder-top-left-radius: 0px;\n\tborder-top-right-radius: 0px;\n}\n#wpsm_accordion_18065 .wpsm_panel-default {<\/p>\n<p>\tborder:1px solid transparent !important;<\/p>\n<p>\t}\n#wpsm_accordion_18065 {\n\tmargin-bottom: 20px;\n\toverflow: hidden;\n\tfloat: left;\n\twidth: 100%;\n\tdisplay: block;\n}\n#wpsm_accordion_18065 .ac_title_class{\n\tdisplay: inline-block;\n    padding-top: 5px;\n    padding-bottom: 5px;\n    padding-left: 13px;\n    padding-right: 10px;\n    border: 0px solid #ddd;\n\tfont-size:18px !important;\nfont-family: Open Sans !important;<\/p>\n<p>}\n#wpsm_accordion_18065  .wpsm_panel {\n\toverflow:hidden;\n\t-webkit-box-shadow: 0 0px 0px rgba(0, 0, 0, .05);\n\tbox-shadow: 0 0px 0px rgba(0, 0, 0, .05);<\/p>\n<p>\t\tborder-radius: 4px;\n\t}\n#wpsm_accordion_18065  .wpsm_panel + .wpsm_panel {\n\t\tmargin-top: 5px;\n\t}\n#wpsm_accordion_18065  .wpsm_panel-body{\nbackground-color:#efefef !important;\ncolor:#000000 !important;\nborder-top-color: #0f0f0f !important;\nfont-size:16px !important;\nfont-family: Open Sans !important;\noverflow: hidden;<\/p>\n<p>border: 0px solid #ddd !important;<\/p>\n<p>border-top:0px !important;\npadding-left: 60px;\n}<\/p>\n<p>#wpsm_accordion_18065 .ac_open_cl_icon{\n\tbackground-color:#dd3333;\n\tcolor: #ffffff;<\/p>\n<p>     padding-top: 5px; \n     padding-bottom: 5px; \n\t margin-left:10px;\n    line-height: 1.0;\n    font-size:18px !important;\ntext-align: center !important;\n     width: 32px !important;\n    display: inline-block;<\/p>\n<p>}\n#wpsm_accordion_18065 .ac_open_cl_number{\n width: 25px !important;\n    display: inline-block;\n\t margin-left:10px;\n\t text-align: center !important;\n\t font-size:18px !important;<\/p>\n<p>}<\/p>\n<\/style>\n<div class=\"wpsm_panel-group\" id=\"wpsm_accordion_18065\" >\n<p>\t\t\t\t  <!-- Inner panel Start --><\/p>\n<div class=\"wpsm_panel wpsm_panel-default\">\n<div class=\"wpsm_panel-heading\" role=\"tab\" >\n<h4 class=\"wpsm_panel-title\">\n\t\t\t\t\t\t<a  class=\"\"  data-toggle=\"collapse\" data-parent=\"\" href=\"#ac_18065_collapse1\"  ><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span  class=\"ac_open_cl_icon fa fa-plus\"><\/span><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"ac_title_class\"><br \/>\n\t\t\t\t\t\t\t\tWhat Are Macros?\t\t\t\t\t\t\t<\/span><br \/>\n\t\t\t\t\t\t<\/a><br \/>\n\t\t\t\t\t  <\/h4>\n<\/p><\/div>\n<div id=\"ac_18065_collapse1\" class=\"wpsm_panel-collapse collapse_18065 collapse \"  >\n<div class=\"wpsm_panel-body\">\n\t\t\t\t\t\tFor those that may not be aware, a macro is a set of commands and instructions that can be grouped as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Macros can be very helpful in some workflows and quite complex macros can be created. But, such complex macros can be created to perform evil deeds as well as good. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default.<\/p>\n<p>Alas, many users may have either forgotten about or have no knowledge of macro risks and may therefore be inclined to enable macros if requested to do so.<\/p>\n<p>While macros can certainly be useful in some workflows, it is best to leave them disabled if you do not use them and and are unfamiliar with their potential security risks. And, do not believe any message that claims that you must enable macros in order to view a simple document such as a billing invoice or receipt.<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>\t\t\t\t   <!-- Inner panel End --><\/p><\/div>\n<p>\t\t\t\t<script>\n\tjQuery(document).ready(function() {<\/p>\n<p>\t\t\tjQuery('.collapse_18065').on('shown.bs.collapse', function(){jQuery(this).parent().find(\".fa-plus\").removeClass(\"fa-minus\").addClass(\"fa-minus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").addClass(\"acc-a\"); }).on('hidden.bs.collapse', function(){jQuery(this).parent().find(\".fa-minus\").removeClass(\"fa-minus\").addClass(\"fa-plus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").removeClass(\"acc-a\");});<\/p>\n<p>\t\t});\n\t<\/script><\/p>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/bogus-invoice-emails-contain-macro-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/bogus-invoice-emails-contain-macro-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fake invoice emails that harbour macro malware continue to hit inboxes around the world. \u00a0 Many are brief messages like the example shown below: Subject: \u00a0Paid Invoices &nbsp; Dear , &nbsp; Please read and ask me any questions. &nbsp; &gt; http:\/\/ [removed ]nvoices-Overdue\/ &nbsp; Many Thanks Milenko [Surname Removed] The messages are designed to trick [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1071","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1071"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1071"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1071\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1071"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1071"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1071"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}