{"id":2241,"date":"2019-04-06T19:33:58","date_gmt":"2019-04-06T19:33:58","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2241"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"MALWARE---'You-Have-Received-a-9-Page-Fax'-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2241","title":{"rendered":"MALWARE &#8211; &#8216;You Have Received a 9 Page Fax&#8217; Email"},"content":{"rendered":"<div>\n<p>According to this email, you have received a 9-page fax which you can view by opening an attached Microsoft Word document. \u00a0 <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>The email claims to be from the \u00a0online fax service eFax. It includes the date the fax was supposedly sent along with a reference number and caller ID.<\/p>\n<p>However, eFax did not send the email and the attachment does not contain a fax document.<\/p>\n<p>Instead, the email is a criminal ruse designed to trick you into installing malware.<\/p>\n<p>If you attempt to open the attached \u00a0Word file, you will be prompted to enable content, ostensibly so that the &#8220;fax&#8221; can be properly displayed. \u00a0 If you follow the instructions, a malicious \u00a0macro will run in the background. \u00a0 The macro can download and install malware on your computer.<\/p>\n<style>\n\t\t\t\t\t#wpsm_accordion_19216 .wpsm_panel-heading{\npadding:0px !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title {\nmargin:0px !important; \ntext-transform:none !important;\nline-height: 1 !important;\n}\n#wpsm_accordion_19216 .wpsm_panel-title a{\ntext-decoration:none;\ncolor:#000000 !important;\nfont-size:18px !important;\ndisplay:block;\npadding:0px;\nfont-family: Open Sans !important;\npadding-top: 10px;\npadding-bottom: 10px;\nborder-bottom:1px solid  #ddd !important;<\/p>\n<p>}\n#wpsm_accordion_19216 .wpsm_panel-title a:hover,#wpsm_accordion_19216 .wpsm_panel-title a:visited, #wpsm_accordion_19216 .wpsm_panel-title a:focus {\n\tcolor:#000000 !important;\n}\n#wpsm_accordion_19216 .acc-a{\n\tcolor: #000000 !important;\n\tbackground-color:#7dcec9 !important;\n\tborder-color: #ddd;\n}\n#wpsm_accordion_19216 .wpsm_panel-default > .wpsm_panel-heading{\n\tcolor: #000000 !important;\n\tbackground-color: #7dcec9 !important;\n\tborder-color: #7dcec9 !important;\n\tborder-top-left-radius: 0px;\n\tborder-top-right-radius: 0px;\n}\n#wpsm_accordion_19216 .wpsm_panel-default {\n\t\tborder:0px solid transparent !important;\n\t}\n#wpsm_accordion_19216 {\n\tmargin-bottom: 20px;\n\toverflow: hidden;\n\tfloat: left;\n\twidth: 100%;\n\tdisplay: block;\n}\n#wpsm_accordion_19216 .ac_title_class{\n\tdisplay: inline-block;\n    padding-top: 5px;\n    padding-bottom: 5px;\n    padding-left: 13px;\n    padding-right: 10px;\n    border: 0px solid #ddd;\n\tfont-size:18px !important;\nfont-family: Open Sans !important;<\/p>\n<p>}\n#wpsm_accordion_19216  .wpsm_panel {\n\toverflow:hidden;\n\t-webkit-box-shadow: 0 0px 0px rgba(0, 0, 0, .05);\n\tbox-shadow: 0 0px 0px rgba(0, 0, 0, .05);<\/p>\n<p>\t\tborder-radius: 4px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel + .wpsm_panel {\n\t\tmargin-top: 0px;\n\t}\n#wpsm_accordion_19216  .wpsm_panel-body{\nbackground-color:#e2e2e2 !important;\ncolor:#000000 !important;\nborder-top-color: #7dcec9 !important;\nfont-size:16px !important;\nfont-family: Open Sans !important;\noverflow: hidden;<\/p>\n<p>border: 0px solid #ddd !important;<\/p>\n<p>border-top:0px !important;\n}<\/p>\n<p>#wpsm_accordion_19216 .ac_open_cl_icon{\n\tbackground-color:#dd3333;\n\tcolor: #ffffff;<\/p>\n<p>     padding-top: 5px; \n     padding-bottom: 5px; \n\t margin-left:10px;\n    line-height: 1.0;\n    font-size:18px !important;\ntext-align: center !important;\n     width: 32px !important;\n    display: inline-block;<\/p>\n<p>}\n#wpsm_accordion_19216 .ac_open_cl_number{\n width: 25px !important;\n    display: inline-block;\n\t margin-left:10px;\n\t text-align: center !important;\n\t font-size:18px !important;<\/p>\n<p>}<\/p>\n<p>\t\t\t #wpsm_accordion_19216 .wpsm_panel-heading {\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}\n\t\t\t#wpsm_accordion_19216 .ac_open_cl_icon{\n\t\t\t\tbackground-image: url(https:\/\/www.hoax-slayer.net\/wp-content\/plugins\/faq-responsive\/assets\/images\/style-soft.png);\n\t\t\t\tbackground-position: 0 0;\n\t\t\t\tbackground-repeat: repeat-x;\n\t\t\t}<\/p>\n<\/style>\n<div class=\"wpsm_panel-group\" id=\"wpsm_accordion_19216\" >\n<p>\t\t\t\t  <!-- Inner panel Start --><\/p>\n<div class=\"wpsm_panel wpsm_panel-default\">\n<div class=\"wpsm_panel-heading\" role=\"tab\" >\n<h4 class=\"wpsm_panel-title\">\n\t\t\t\t\t\t<a  class=\"\"  data-toggle=\"collapse\" data-parent=\"#wpsm_accordion_19216 \" href=\"#ac_19216_collapse1\"  ><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span class=\"ac_title_class\"><br \/>\n\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t\t<span style=\"margin-right:6px;\" class=\"fa fa-lightbulb-o\"><\/span><br \/>\n\t\t\t\t\t\t\t\tToggle to read more about macros\t\t\t\t\t\t\t<\/span><br \/>\n\t\t\t\t\t\t<\/a><br \/>\n\t\t\t\t\t  <\/h4>\n<\/p><\/div>\n<div id=\"ac_19216_collapse1\" class=\"wpsm_panel-collapse collapse_19216 collapse \"  >\n<div class=\"wpsm_panel-body\">\n<div class=\"indentPara\">For those that may not be aware, a macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task.<\/p>\n<p>Complex macros can be created using VBA (Visual Basic for Applications) and can be very helpful in some workflows.<\/p>\n<p>But malicious VBA macros can also be created and distributed. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.<\/p>\n<p>However, criminals have apparently realized that many computer users will have forgotten about or have no knowledge of macro threats. Thus, \u00a0<a title=\"Remember macro viruses? Infected Word and Excel files? They're back...\" href=\"http:\/\/nakedsecurity.sophos.com\/2014\/07\/07\/remember-macro-viruses-infected-word-and-excel-files-theyre-back\/\">malicious macros are again being used<\/a> \u00a0to spread malware. \u00a0<\/p>\n<p>In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.<\/p>\n<p>Unless you have a compelling reason, you would be best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with Microsoft Office documents.\t\t\t\t\t  <\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<p>\t\t\t\t   <!-- Inner panel End --><\/p><\/div>\n<p>\t\t\t\t<script>\n\tjQuery(document).ready(function() {<\/p>\n<p>\t\t\tjQuery('.collapse_19216').on('shown.bs.collapse', function(){jQuery(this).parent().find(\".fa-plus\").removeClass(\"fa-minus\").addClass(\"fa-minus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").addClass(\"acc-a\"); }).on('hidden.bs.collapse', function(){jQuery(this).parent().find(\".fa-minus\").removeClass(\"fa-minus\").addClass(\"fa-plus\"); jQuery(this).parent().find(\".wpsm_panel-heading\").removeClass(\"acc-a\");});<\/p>\n<p>\t\t});\n\t<\/script><\/p>\n<p>Details in these malware emails may vary. Dates, reference numbers and the number of supposed fax pages may vary in <a href=\"https:\/\/www.hoax-slayer.net\/ringcentral-new-fax-message-malware-email\/\">different versions<\/a>.<\/p>\n<p><a href=\"https:\/\/www.hoax-slayer.net\/you-have-received-a-5-page-fax-email-contains-malware\/\">Some versions<\/a> may attempt to trick you into clicking a link to download the malware rather than opening an attached file.<\/p>\n<p>Online fax services do notify people about incoming faxes via email. \u00a0 For this reason, \u00a0 criminals often send emails pretending to be from fax services.<\/p>\n<p>If you receive an unexpected fax notification email, do not open any attachments or click any links that it contains. Instead, log in to the online fax service account by entering the \u00a0account address into your browser&#8217;s address bar.  \u00a0If you really did receive a fax, you should be able to safely access and view it via the service&#8217;s website. \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<h2>An example of the malware email<\/h2>\n<div class=\"example\">\n<p>Fax Message [Caller-ID:32817735]You have received a 9 page fax at October 03 2018.<\/p>\n<p>*The Reference number for this fax is [eFAX-537230603]<\/p>\n<p>View attached fax using your any .doc reader.<\/p>\n<p>Please see attached file if you have any questions regarding this message or your service.<br \/>\nThank you for using the eFax service!<\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/malware-you-have-received-a-9-page-fax-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/malware-you-have-received-a-9-page-fax-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to this email, you have received a 9-page fax which you can view by opening an attached Microsoft Word document. \u00a0 The email claims to be from the \u00a0online fax service eFax. It includes the date the fax was supposedly sent along with a reference number and caller ID. However, eFax did not send [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2241","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2241"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2241"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2241\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2241"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2241"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2241"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}