{"id":271,"date":"2019-04-06T19:33:17","date_gmt":"2019-04-06T19:33:17","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=271"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"'IOU-Enclosed'-Macro-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=271","title":{"rendered":"&#8216;IOU Enclosed&#8217; Macro Malware Email"},"content":{"rendered":"<div>\n<p>According to this email, you can check an IOU document by opening an attached Microsoft Word file. \u00a0 \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>The email includes  \u00a0&#8220;File Access Credentials&#8221; that you will supposedly need to open the document.<\/p>\n<h2>The message looks like this:<\/h2>\n<blockquote>\n<p>From: [name removed]<\/p>\n<p>Please check the IOU enclosed with this email. The Transaction should appear in 8 hours.<\/p>\n<p>File Access Credentials: 213Neft<\/p>\n<p>Best regards<\/p>\n<p>[Name Removed]<\/p>\n<\/blockquote>\n<p>However, the email is not a legitimate invoice message. Instead, it is an attempt by online criminals \u00a0to trick you into installing malware on your computer.<\/p>\n<p>If you attempt to open the attached Microsoft \u00a0Word document, you will be prompted to enter the file access password supplied in the message:<\/p>\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"8286\" data-permalink=\"https:\/\/www.hoax-slayer.net\/iou-enclosed-macro-malware\/iou-malware-word-password-phishing-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1.jpg\" data-orig-size=\"800,307\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"iou-malware-word-password-phishing-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1-300x115.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1.jpg\" class=\"aligncenter size-full wp-image-8286\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1.jpg\" alt=\"Macro Malware Password Prompt\" width=\"800\" height=\"307\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1-300x115.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1-768x295.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1-500x192.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-1-585x224.jpg 585w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p>The supposed password requirement may <a href=\"https:\/\/cysinfo.com\/new-password-protected-macro-malware-evades-sandbox-infects-victims-ursnif-malware\/\">help the malware bypass some automated computer security &#8220;sandbox&#8221; systems. \u00a0<\/a> \u00a0The human intervention required to input the password can evade automated sandboxing technologies.<\/p>\n<p>And, the need to enter a password to access the document may fool some recipients into thinking that the document is secured and thus more likely to be legitimate.  \u00a0In reality, including \u00a0a password \u00a0in the same email that carries \u00a0the supposedly secured document would be pointless. Any viewer of the email could see and use the password so the &#8220;password protected&#8221; document would be no more secure than a document with no password at all.  \u00a0Nevertheless, a busy or inexperienced recipient may be lulled by the semblance of security implied by the password&#8217;s \u00a0inclusion. \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"5727909035\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p>After entering the password, you will be prompted to enable editing via a message similar to the following:<\/p>\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"8288\" data-permalink=\"https:\/\/www.hoax-slayer.net\/iou-enclosed-macro-malware\/iou-malware-word-password-phishing-2\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2.jpg\" data-orig-size=\"800,293\" data-comments-opened=\"1\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"iou-malware-word-password-phishing-2\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2-300x110.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2.jpg\" class=\"aligncenter size-full wp-image-8288\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2.jpg\" alt=\"Enable Editing Macro Malware Prompt\" width=\"800\" height=\"293\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2-300x110.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2-768x281.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2-500x183.jpg 500w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/06\/iou-malware-word-password-phishing-2-585x214.jpg 585w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n<p>However, if you do enable editing, a malicious macro can then run in the background and install malware on your computer. \u00a0Malicious macros have been used to install ransomware,  \u00a0malware that can steal banking details from your computer, and other types of malware threat.<\/p>\n<p>For those that may not be aware, a macro is a set of commands and instructions that can be collected as a single command in order to quickly and automatically accomplish a task. Macros can be very helpful in some workflows.  \u00a0But <a href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">malicious macros can also be created <\/a>and distributed.<\/p>\n<p>Be wary of any email that claims that you must enable editing or allow macros to view an attached document. Enabling macros \u00a0should \u00a0never be required simply to view a Word file. Unless you regularly use them and understand their inherent risks, it is best to leave macros disabled in your Microsoft Office software. \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- Third Content Ad Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"1909104632\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<div align=\"center\"><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Bottom AdLinks --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/div>\n<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/iou-enclosed-macro-malware\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/iou-enclosed-macro-malware\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>According to this email, you can check an IOU document by opening an attached Microsoft Word file. \u00a0 \u00a0 The email includes \u00a0&#8220;File Access Credentials&#8221; that you will supposedly need to open the document. The message looks like this: From: [name removed] Please check the IOU enclosed with this email. The Transaction should appear in [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-271","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/271"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=271"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/271\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=271"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=271"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=271"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}