{"id":2781,"date":"2019-04-06T19:34:12","date_gmt":"2019-04-06T19:34:12","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=2781"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"RingCentral-\"New-Fax-Message\";-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=2781","title":{"rendered":"RingCentral &#8220;New Fax Message&#8221;; Malware Email"},"content":{"rendered":"<div>\n<h2>Outline<\/h2>\n<p>Email purporting to be from Internet fax service RingCentral claims that the recipient has a new fax message that can be viewed by opening an attached file. <\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"4870821038\"\n     data-ad-format=\"auto\"><\/ins><br \/>\n<script>\n(adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<h2>Brief Analysis<\/h2>\n<p>The email is not from RingCentral and the attachment does not contain a fax message. Instead, the attachment harbours malware. Once installed, this malware may harvest sensitive information from the compromised computer and download other dangerous malware components. If you receive this message, do not click any links or open any attachments that it contains.<\/p>\n<h2>Example<\/h2>\n<div class=\"example\">You Have a New Fax Message<br \/>\nFrom: [Removed]<br \/>\nReceived: Tuesday, April 8, 2014 at 9:34 AM<br \/>\nPages: 1<br \/>\nTo view this message, please open the attachmentThank you for using RingCentral.<a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"4368\" data-permalink=\"https:\/\/www.hoax-slayer.net\/ringcentral-new-fax-message-malware-email\/ring-central-fax-notification-malware\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware.jpg\" data-orig-size=\"490,356\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"ring-central-fax-notification-malware\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware-300x218.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware.jpg\" class=\"aligncenter size-full wp-image-4368\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware.jpg\" alt=\"Ring central Fax Malware Email\" width=\"490\" height=\"356\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware.jpg 490w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware-300x218.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2017\/01\/ring-central-fax-notification-malware-275x200.jpg 275w\" sizes=\"(max-width: 490px) 100vw, 490px\" \/><\/a><\/p>\n<\/div>\n<p>&nbsp;<\/p>\n<h2>Detailed Analysis<\/h2>\n<p>This email, which purports to be from the Internet-based fax service, RingCentral, claims that recipients have been sent a new fax message. The email invites recipients to open an attached .zip file to view the fax message.<\/p>\n<p>However, RingCentral did not send the email and the attachment does not contain a fax message as claimed.<\/p>\n<p>Those who go ahead and open the attached .zip file will find that it contains what may appear to less computer literate users to be a harmless .pdf. These users may expect a fax message transcript to be a .pdf and therefore click to open it without due caution. However, the file actually has a double extension (.pdf.exe). Thus, by opening the file, users are actually <a class=\"norm\" title=\"RingCentral New Fax Message fake Word doc or PDF malware\" href=\"http:\/\/myonlinesecurity.co.uk\/ring-central-new-fax-message-fake-word-doc-malware\/\">installing malware<\/a> on their computers. \u00a0<\/p>\n<p><script async src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\"><\/script><br \/>\n<ins class=\"adsbygoogle\"\n     style=\"display:block; text-align:center;\"\n     data-ad-format=\"fluid\"\n     data-ad-layout=\"in-article\"\n     data-ad-client=\"ca-pub-0355887770822260\"\n     data-ad-slot=\"9162856233\"><\/ins><br \/>\n<script>\n     (adsbygoogle = window.adsbygoogle || []).push({});\n<\/script><\/p>\n<p> The precise payload in these malware emails may vary. Typically, however, the malware can collect sensitive personal and financial information from the compromised computer and relay it to remote servers operated by criminals. It may also download and install other malware such as ransomware.<\/p>\n<p>The <a href=\"https:\/\/www.hoax-slayer.net\/incoming-fax-report-malware-email\/\">fake fax notification emai<\/a>l ruse has been used <a href=\"https:\/\/www.hoax-slayer.net\/rapidfax-malware-email\/\">several times in the past<\/a> by online criminals intent on distributing malware.<\/p>\n<p>At one time, fax machines were used extensively for business communications. But reliance on the machines has lessened considerably as newer technologies have emerged. However, should the need arise, faxes can still be sent and received via online fax services such as RingCentral.<\/p>\n<p>Because online fax services do generally notify people of incoming faxes via email, criminals <a href=\"https:\/\/www.hoax-slayer.net\/tag\/fax\/\">often send emails pretending to be from such services<\/a> to trick people into installing malware.<\/p>\n<p>If you receive such an email, do not open any attachments or click any links that it contains. Instead, log in to your online fax service account by entering the account address into your browser&#8217;s address bar.  \u00a0If you really did receive a fax, you should be able to safely access and view it via the service&#8217;s website.<\/p>\n<p><\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/ringcentral-new-fax-message-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/ringcentral-new-fax-message-malware-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline Email purporting to be from Internet fax service RingCentral claims that the recipient has a new fax message that can be viewed by opening an attached file. Brief Analysis The email is not from RingCentral and the attachment does not contain a fax message. Instead, the attachment harbours malware. Once installed, this malware may [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-2781","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2781"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=2781"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/2781\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=2781"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=2781"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=2781"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}