{"id":2220,"date":"2019-04-06T19:33:58","date_gmt":"2019-04-06T19:33:58","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2220"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"Loads-of-Macro-Malware-'Invoice'-Emails-Hitting-Inboxes","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2220","title":{"rendered":"Loads of Macro Malware &#8216;Invoice&#8217; Emails Hitting Inboxes"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nInboxes are currently being hit by malicious \u00a0&#8216;invoice&#8217; or &#8216;receipt&#8217; emails with \u00a0attached Microsoft Word documents.<br \/>\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe emails are designed to trick people into \u00a0enabling macros so that a malicious \u00a0macro can run and subsequently download and install malware. Be wary of any Microsoft Word or other \u00a0Microsoft Office email attachment that claims that you must enable macros \u00a0to view an invoice or receipt. \u00a0 \u00a0If your are unfamiliar with macros \u00a0and the potential dangers they pose, scroll down to the Detailed Analysis for more information.<\/p>\n<div class=\"example\">\n<p><span style=\"color: #ff0000;\"><b>Examples:<\/b><\/span><\/p>\n<p><strong>Subject: \u00a0Receipt &#8211; Order No 173535<\/strong><\/p>\n<p>[No content]<\/p>\n<p><em>Attached: \u00a0Receipt &#8211; Order No 173535.docm<\/em><\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<div class=\"example\">\n<p><strong>Subject: Scanned Invoice<\/strong>Dear [name removed] ,<\/p>\n<p>Scanned Invoice in Microsoft Word format has been attached to this email.<\/p>\n<p>Thank you!<\/p>\n<p>[Name removed]<br \/>\nSales Manager<\/p>\n<p><em>Attached: SCAN_Invoice_[name removed].doc<\/em><\/p>\n<\/div>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"5727909035\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nA new wave of macro malware emails is currently hitting inboxes.  \u00a0These emails are very short and to the point. Many of them have no content at all in the body of the email but feature a subject line that implies that you can view a receipt or invoice by opening an attached file. Other versions include a brief message that echoes \u00a0the suggestion in the subject line that the attachment contains a \u00a0receipt or invoice. The attachments are usually Microsoft Word documents, although some may be in other Microsoft Office formats such as Excel.<\/p>\n<p>The criminals running these malware campaigns know that at least a few recipients will want to open the attachments out of \u00a0simple concern and curiosity. Recipients \u00a0may be worried that they have \u00a0been billed for items or services that they never bought.  \u00a0The emails do not name the company that they were supposedly sent by, nor do they contain any information at all about the supposed \u00a0purchase. This lack of detail is a deliberate ploy designed to get people clicking on attachments in the hope of revealing the missing information. \u00a0 \u00a0And, \u00a0because the attachments are seemingly innocuous Microsoft Office documents, at least a few recipients may let their guard down and open them without due caution.<\/p>\n<p>If \u00a0people do attempt \u00a0to open the \u00a0attachments, they will be prompted to enable macros supposedly so that the contents can be properly displayed. But, if they do enable macros as requested, a malicious macro will then be able to run. This macro can connect to a compromised website and download and install \u00a0malware of various \u00a0types.<\/p>\n<p>For those that may not be aware, a macro is a set of commands and instructions that can be grouped \u00a0as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Macros \u00a0can be very helpful in some workflows and quite complex macros can be created. But, such complex macros can be created to perform evil \u00a0deeds as well as good. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default.<\/p>\n<p>Alas, many users may have either \u00a0forgotten \u00a0about or have no \u00a0knowledge of \u00a0macro risks and may therefore \u00a0be inclined to enable macros if requested \u00a0to do so.<\/p>\n<p>While macros can certainly be useful in some workflows, it is best to leave them disabled if you do not use them and and are unfamiliar \u00a0with their potential security \u00a0risks. And, do not believe any message that claims that you must enable macros \u00a0in order to view a simple document such as a billing invoice or receipt.<\/p>\n<div align=\"center\">\n<script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1358951439\"\n     data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<p class=\"date\">Last updated: \u00a0March 7, 2016<br \/>\nFirst published: \u00a0 \u00a0March 7, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n<p class=\"ref\">References<br \/>\n<a title=\"'BP Fuel Card E-Bill' Excel Macro Malware Email\" href=\"http:\/\/hoax-slayer.net\/bp-fuel-card-e-bill-excel-macro-malware-email\/\">&#8216;BP Fuel Card E-Bill&#8217; Excel Macro Malware Email<\/a><br \/>\n<a title=\"Malware Threat Articles\" href=\"http:\/\/www.hoax-slayer.com\/malware-threat-articles.shtml\">Malware Threat Articles<\/a><\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Primary Matched Content --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"2703041438\"\n     data-ad-format=\"autorelaxed\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/loads-of-macro-malware-invoice-emails-hitting-inboxes\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Inboxes are currently being hit by malicious \u00a0&#8216;invoice&#8217; or &#8216;receipt&#8217; emails with \u00a0attached Microsoft Word documents. Brief Analysis: The emails are designed to trick people into \u00a0enabling macros so that a malicious \u00a0macro can run and subsequently download and install malware. Be wary of any Microsoft Word or other \u00a0Microsoft Office email attachment that [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2220","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2220"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2220"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2220\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2220"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2220"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2220"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}