{"id":2029,"date":"2019-04-06T19:33:53","date_gmt":"2019-04-06T19:33:53","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2029"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"IMAGINiT-'Urgent-Invoice'-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2029","title":{"rendered":"IMAGINiT &#8216;Urgent Invoice&#8217; Malware Email"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\n&#8216;Urgent&#8217; email purporting to be from \u00a0Autodesk software provider IMAGINiT claims that an invoice \u00a0is past due and you should therefore open an attached .rtf file to review the invoice.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><br \/>\n<span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe email is not from IMAGINiT and the attachment does not contain an invoice. The attached document contains a malicious macro that, if run, can download and install malware on your computer.<\/p>\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: Urgent: IMAGINiT invoice BDINV54736 is Past due<\/strong><\/p>\n<p>Dear Valued Customer-Please be aware that our invoice BDINV54736 (attached) is currently past due and payment is required at this time. Our remittance address is indicated on the attached invoice. Please note that credit card payments will not be accepted for invoices processed with credit terms. If you have any questions regarding your invoice, please contact us on 581-685-1209 using reference account number 8A81D-712.Payments and\/or credits of $0.00 have been applied to this invoice, the balance currently due is $108.46.<\/p>\n<p>Thank you for your business and we appreciate your prompt response in this matter.<\/p>\n<p>Sincerely,<\/p>\n<p>IMAGINiT, a Division of Rand Worldwide<\/p>\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1.jpg\" data-rel=\"penci-gallery-image-content\"  rel=\"attachment wp-att-1311\"><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"1311\" data-permalink=\"https:\/\/www.hoax-slayer.net\/imaginit-urgent-invoice-malware-email\/imagineit-malware-email-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1.jpg\" data-orig-size=\"800,504\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"imagineit-malware-email-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1-300x189.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1.jpg\" class=\"aligncenter size-full wp-image-1311\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1.jpg\" alt=\"Imaginit Malware Email\" width=\"800\" height=\"504\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1-300x189.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/03\/imagineit-malware-email-1-768x484.jpg 768w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"5727909035\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nThis supposedly urgent email purports to be from \u00a0Autodesk software provider IMAGINiT and includes the \u00a0IMAGINiT logo. The email claims that a payment is now past due and requests that you opened an attached document to review the overdue invoice. The attached document is in Rich Text Format (.rtf), a type of file that will open in Microsoft Office software such as Microsoft Word.<\/p>\n<p>However, the email is not from \u00a0IMAGINiT and the attachment does not contain an invoice. \u00a0If you click the .rtf file, you will receive a message that prompts you to enable macros, ostensibly so that the contents of the document can be correctly displayed.  \u00a0If you do enable macros as requested, a malicious macro will run. \u00a0The macro will connect to a website and download \u00a0a version of the DRIDEX banking trojan. After it is installed, the trojan can use various methods to steal online banking login credentials and \u00a0send \u00a0the stolen information to criminals.<\/p>\n<p>The criminals rely on the fact that many users may not know what macros are or be <a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">aware of the potential dangers<\/a> they pose. A \u00a0macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task. \u00a0Macros \u00a0can be very helpful in some workflows. \u00a0But malicious macros can also be created and distributed.<\/p>\n<p>Later versions of Microsoft Office disable macros by default to reduce the threat of macro viruses.  \u00a0However, a number of <a title=\"Loads Of Macro Malware 'Invoice' Emails Hitting Inboxes\" href=\"http:\/\/hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">recent malware attacks<\/a> try to trick recipients into enabling macros and thereby allowing their computers to be infected.<\/p>\n<p>Unless you have a specific need to use macros, it is best to leave them disabled. And, do not believe any message that claims that you must enable macros to view ordinary types of documents such as billing invoices.<\/p>\n<div align=\"center\">\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1358951439\"\n     data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p class=\"date\">Last updated: March 18, 2016<br \/>\nFirst published: March 18, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"Urgent: IMAGINiT invoice ... is Past due - Malware\" href=\"https:\/\/techhelplist.com\/spam-list\/1071-urgent-imaginit-invoice-is-past-due-malware\">Urgent: IMAGINiT invoice &#8230; is Past due &#8211; Malware<\/a><br \/>\n<a title=\"Loads Of Macro Malware 'Invoice' Emails Hitting Inboxes\" href=\"http:\/\/hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\">Loads Of Macro Malware &#8216;Invoice&#8217; Emails Hitting Inboxes<\/a><br \/>\n<a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">Macro Virus Threat Returns &#8211; Beware Emails With Malicious Word Attachments<\/a><br \/>\n<a title=\"Malware Threat Articles\" href=\"http:\/\/www.hoax-slayer.com\/malware-threat-articles.shtml\">Malware Threat Articles<\/a><\/p>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/imaginit-urgent-invoice-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/imaginit-urgent-invoice-malware-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: &#8216;Urgent&#8217; email purporting to be from \u00a0Autodesk software provider IMAGINiT claims that an invoice \u00a0is past due and you should therefore open an attached .rtf file to review the invoice. Brief Analysis: The email is not from IMAGINiT and the attachment does not contain an invoice. The attached document contains a malicious macro that, [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2029","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2029"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2029"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2029\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2029"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2029"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2029"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}