{"id":1515,"date":"2019-04-06T19:33:40","date_gmt":"2019-04-06T19:33:40","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=1515"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Fake-Maersk-Line-Shipping-Documents-Email-Links-to-Malware","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=1515","title":{"rendered":"Fake Maersk Line Shipping Documents Email Links to Malware"},"content":{"rendered":"<div>\n<p>This email, which purports to be from \u00a0container shipping company Maersk Line, claims that you can open an attached file to view original shipping documents supposedly related to a consignment that is being shipped to you. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>However, the email is not from \u00a0Maersk Line and has no connection to the company. \u00a0 And, the attachments do not open any shipping documents.<\/p>\n<h2>Here is what the initial malware email looks like:<\/h2>\n<p><a href=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"19894\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-maersk-line-shipping-documents-email-links-to-malware\/maresk-shipping-dcouments-150518-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1.jpg\" data-orig-size=\"600,901\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"maersk-shipping-dcouments-150518-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1-200x300.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1.jpg\" class=\"aligncenter size-full wp-image-19894\" src=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1.jpg\" alt=\"Maersk Shipping Documents Malware Email\" width=\"600\" height=\"901\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1.jpg 600w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1-200x300.jpg 200w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1-500x751.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-1-585x878.jpg 585w\" sizes=\"(max-width: 600px) 100vw, 600px\" \/><\/a><\/p>\n<p>If you click the HTML attachment, it will open in your default browser and will attempt to automatically download a Microsoft Word document:<\/p>\n<p><a href=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"19896\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-maersk-line-shipping-documents-email-links-to-malware\/malware-attack-150518-2\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2.jpg\" data-orig-size=\"800,372\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"malware-attack-150518-2\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2-300x140.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2.jpg\" class=\"aligncenter size-full wp-image-19896\" src=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2.jpg\" alt=\"HTML Malware Attachment\" width=\"800\" height=\"372\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2-300x140.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2-768x357.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2-500x233.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/malware-attack-150518-2-585x272.jpg 585w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p>If you click \u00a0the PDF attachment, \u00a0 a supposedly &#8220;secure or protected&#8221; file will open \u00a0in your PDF reader. The blurred out background may seem like a genuine shipping document at first glance. \u00a0 You will be prompted to click a link to unlock the full PDF. However, clicking the link again downloads \u00a0a Microsoft word file:<\/p>\n<p><a href=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"19897\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-maersk-line-shipping-documents-email-links-to-malware\/maresk-shipping-dcouments-150518-3\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3.jpg\" data-orig-size=\"800,633\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"maresk-shipping-dcouments-150518-3\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3-300x237.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3.jpg\" class=\"aligncenter size-full wp-image-19897\" src=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3.jpg\" alt=\"Bogus PDF links to Malware\" width=\"800\" height=\"633\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3-300x237.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3-768x608.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3-500x396.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2018\/05\/maresk-shipping-dcouments-150518-3-585x463.jpg 585w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p>Regardless of which attachment you open, you will end up with the same Word file. When you try to open the Word file, you will then be told that you must enable macros before you can view the file&#8217;s contents. But, if you do enable macros, a malicious macro will then download and install further malware. \u00a0 \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<style>\n\t\t\t\t\t#wpsm_accordion_19216 .wpsm_panel-heading{\npadding:0px !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title {\nmargin:0px !important; \ntext-transform:none !important;\nline-height: 1 !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title a{\ntext-decoration:none;\ncolor:#000000 !important;\nfont-size:18px !important;\ndisplay:block;\npadding:0px;\nfont-family: Open Sans !important;\npadding-top: 10px;\npadding-bottom: 10px;\nborder-bottom:1px solid  #ddd !important;<\/p>\n<p>}\n#wpsm_accordion_19216 .wpsm_panel-title a:hover,#wpsm_accordion_19216 .wpsm_panel-title a:visited, #wpsm_accordion_19216 .wpsm_panel-title a:focus {\n\tcolor:#000000 !important;\n}\n#wpsm_accordion_19216 .acc-a{\n\tcolor: #000000 !important;\n\tbackground-color:#7dcec9 !important;\n\tborder-color: #ddd;\n}\n#wpsm_accordion_19216 .wpsm_panel-default > .wpsm_panel-heading{\n\tcolor: #000000 !important;\n\tbackground-color: #7dcec9 !important;\n\tborder-color: #7dcec9 !important;\n\tborder-top-left-radius: 0px;\n\tborder-top-right-radius: 0px;\n}\n#wpsm_accordion_19216 .wpsm_panel-default {\n\t\tborder:0px solid transparent !important;\n\t}\n#wpsm_accordion_19216 {\n\tmargin-bottom: 20px;\n\toverflow: hidden;\n\tfloat: left;\n\twidth: 100%;\n\tdisplay: block;\n}\n#wpsm_accordion_19216 .ac_title_class{\n\tdisplay: inline-block;\n    padding-top: 5px;\n    padding-bottom: 5px;\n    padding-left: 13px;\n    padding-right: 10px;\n    border: 0px solid #ddd;\n\tfont-size:18px !important;\nfont-family: Open Sans !important;<\/p>\n<p>}\n#wpsm_accordion_19216  .wpsm_panel {\n\toverflow:hidden;\n\t-webkit-box-shadow: 0 0px 0px rgba(0, 0, 0, .05);\n\tbox-shadow: 0 0px 0px rgba(0, 0, 0, .05);<\/p>\n<p>\t\tborder-radius: 4px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel + .wpsm_panel {\n\t\tmargin-top: 0px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel-body{\nbackground-color:#e2e2e2 !important;\ncolor:#000000 !important;\nborder-top-color: #7dcec9 !important;\nfont-size:16px !important;\nfont-family: Open Sans !important;\noverflow: hidden;<\/p>\n<p>border: 0px solid #ddd !important;<\/p>\n<p>border-top:0px !important;\n}<\/p>\n<p>#wpsm_accordion_19216 .ac_open_cl_icon{\n\tbackground-color:#dd3333;\n\tcolor: #ffffff;<\/p>\n<p>     padding-top: 5px; \n     padding-bottom: 5px; \n\t margin-left:10px;\n    line-height: 1.0;\n    font-size:18px !important;\ntext-align: center !important;\n     width: 32px !important;\n    display: inline-block;<\/p>\n<p>}\n#wpsm_accordion_19216 .ac_open_cl_number{\n width: 25px !important;\n    display: inline-block;\n\t margin-left:10px;\n\t text-align: center !important;\n\t font-size:18px !important;<\/p>\n<p>}<\/p>\n<p>\t\t\t #wpsm_accordion_19216 .wpsm_panel-heading {\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}\n\t\t\t#wpsm_accordion_19216 .ac_open_cl_icon{\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}<\/p>\n<\/style>\n<div class=\"wpsm_panel-group\" id=\"wpsm_accordion_19216\" >\n<p>\t\t\t\t  <!-- Inner panel Start --><\/p>\n<div class=\"wpsm_panel wpsm_panel-default\">\n<div class=\"wpsm_panel-heading\" role=\"tab\" >\n<h4 class=\"wpsm_panel-title\">\n\t\t\t\t\t\t<a  class=\"\"  data-toggle=\"collapse\" data-parent=\"#wpsm_accordion_19216 \" href=\"#ac_19216_collapse1\"  ><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"ac_title_class\"><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span style=\"margin-right:6px;\" class=\"fa fa-lightbulb-o\"><\/span><br \/>\n\t\t\t\t\t\t\t\tToggle to read more about macros\t\t\t\t\t\t\t<\/span><br \/>\n\t\t\t\t\t\t<\/a><br \/>\n\t\t\t\t\t  <\/h4>\n<\/p><\/div>\n<div id=\"ac_19216_collapse1\" class=\"wpsm_panel-collapse collapse_19216 collapse \"  >\n<div class=\"wpsm_panel-body\">\n<div class=\"indentPara\">For those that may not be aware, a macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Complex macros can be created using VBA (Visual Basic for Applications) and can be very helpful in some workflows.<\/p>\n<p>But malicious VBA macros can also be created and distributed. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.<\/p>\n<p>However, criminals have apparently realized that many computer users will have forgotten about or have no knowledge of macro threats. Thus, \u00a0<a title=\"Remember macro viruses? Infected Word and Excel files? They're back...\" href=\"http:\/\/nakedsecurity.sophos.com\/2014\/07\/07\/remember-macro-viruses-infected-word-and-excel-files-theyre-back\/\">malicious macros are again being used<\/a> \u00a0to spread malware. \u00a0<\/p>\n<p>In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.<\/p>\n<p>Unless you have a compelling reason, you would be best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with Microsoft Office documents.\t\t\t\t\t  <\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>\t\t\t\t   <!-- Inner panel End --><\/p><\/div>\n<p>\t\t\t\t<script>\n\tjQuery(document).ready(function() {<\/p>\n<p>\t\t\tjQuery('.collapse_19216').on('shown.bs.collapse', function(){jQuery(this).parent().find(\".fa-plus\").removeClass(\"fa-minus\").addClass(\"fa-minus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").addClass(\"acc-a\"); }).on('hidden.bs.collapse', function(){jQuery(this).parent().find(\".fa-minus\").removeClass(\"fa-minus\").addClass(\"fa-plus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").removeClass(\"acc-a\");});<\/p>\n<p>\t\t});\n\t<\/script><\/p>\n<p>The malware that the macro downloads \u00a0may be ransomware that locks up all of the files on your computer and then demands a fee for the unlock \u00a0code. \u00a0 Or, the malware may be designed to steal sensitive information such as banking passwords from your computer and sent it to online criminals.<\/p>\n<p>The criminals responsible \u00a0for distributing these scam emails hope that at least a few recipients will download the file either \u00a0out of curiosity or concern. Even if they are not expecting any consignment and have had no dealings with Maersk Line. And, alas, many people will download \u00a0the files and infect their computers with malware.<\/p>\n<p>Malware campaigns like this are <a href=\"https:\/\/www.hoax-slayer.net\/category\/malware\/\">very common<\/a> and use the names of many different companies around the world to make their false claims seem more plausible.<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- Third Content Ad Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1909104632\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/fake-maersk-line-shipping-documents-email-links-to-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/fake-maersk-line-shipping-documents-email-links-to-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>This email, which purports to be from \u00a0container shipping company Maersk Line, claims that you can open an attached file to view original shipping documents supposedly related to a consignment that is being shipped to you. \u00a0 However, the email is not from \u00a0Maersk Line and has no connection to the company. \u00a0 And, the [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1515","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1515"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1515"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/1515\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1515"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}