{"id":342,"date":"2019-04-06T19:33:18","date_gmt":"2019-04-06T19:33:18","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=342"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"'Tax-Return-Request-Submitted'-Macro-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=342","title":{"rendered":"&#8216;Tax Return Request Submitted&#8217; Macro Malware Email"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nEmail claims that your tax return request has \u00a0been successfully submitted and that you can view your submission by opening an attached file.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe email is fraudulent. The attached .zip file contains a Microsoft Word document that harbours a malicious macro. If allowed to run, this macro can download and install malware on your computer.<br \/>\n<!-- HS Net Top Content Responsive --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"4870821038\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\/\/ <![CDATA[\n(adsbygoogle = window.adsbygoogle || []).push({});\n\/\/ ]]&gt;<\/script><\/p>\n\n\n\n\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<strong>Subject: Tax return request submitted<\/strong><\/p>\n\n\n\n\n<p>Your tax return request has been successfully submitted<br \/>\nThank you for your request.To view the submission details please refer to the attachment<\/p>\n\n<\/div>\n\n\n\n\n<p><!-- HSNet Article Center --><br \/>\n<ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"5727909035\" data-ad-format=\"auto\"><\/ins><br \/>\n<script>\/\/ <![CDATA[\n(adsbygoogle = window.adsbygoogle || []).push({});\n\/\/ ]]&gt;<\/script><\/p>\n\n\n\n\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to this email, your tax return request has been successfully submitted. It urges you to open an attached file to view submission details.<\/p>\n\n\n\n\n<p>However, the email is not from any legitimate tax agency or accounting firm. Instead, it is a simple ruse designed to trick you into allowing malware to be installed on your computer.<\/p>\n\n\n\n\n<p>If you open the attached \u00a0.zip file, you will find that it contains a seemingly harmless Microsoft Word document. But, if you click to open the Word document, you will be prompted to enable macros, ostensibly so that the content can be correctly displayed.<\/p>\n\n\n\n\n<p>If you then enable macros as requested, a malicious macro will clandestinely download and install malware. The exact purpose of this malware may vary. In some cases, the malware may be ransomware that can lock your computer&#8217;s files and then demand a fee to receive an unlock key. In other cases, it may be malware that can steal sensitive information such as banking passwords from your computer.<\/p>\n\n\n\n\n<p>People who have recently submitted their tax return may be especially vulnerable to this ruse. And, some people who have not submitted a return may believe that a mistake has been made and open the attachment to find out more information.<\/p>\n\n\n\n\n<p>Be wary of any email that claims that you must enable macros to view an ordinary document such as a tax return submission or an invoice. There is no reason why you should need macros to view such documents.<\/p>\n\n\n\n\n<p>If you are unfamiliar with macros and the possible security threats they pose, please refer to this <a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">earlier Hoax-Slayer report<\/a>.<\/p>\n\n\n\n\n<div align=\"center\"><script src=\"\/\/pagead2.googlesyndication.com\/pagead\/js\/adsbygoogle.js\" async=\"\"><\/script><br \/>\n <!-- HS Net Bottom AdLinks --><br \/>\n <ins class=\"adsbygoogle\" style=\"display: block;\" data-ad-client=\"ca-pub-0355887770822260\" data-ad-slot=\"1358951439\" data-ad-format=\"link\"><\/ins><br \/>\n<script>\/\/ <![CDATA[\n(adsbygoogle = window.adsbygoogle || []).push({});\n\/\/ ]]&gt;<\/script><\/div>\n\n\n\n\n<p><a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"717\" data-permalink=\"https:\/\/www.hoax-slayer.net\/fake-telstra-bill-emails-again-being-used-to-distribute-malware\/malware-binary-code-glass-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" data-orig-size=\"800,546\" data-comments-opened=\"0\" data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"malware-binary-code-glass-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-300x205.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" class=\"aligncenter size-full wp-image-717\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg\" alt=\"Malware on Binary Code Graphic\" width=\"800\" height=\"546\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-300x205.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-768x524.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/02\/malware-binary-code-glass-1-293x200.jpg 293w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/p>\n\n\n\n\n<p class=\"date\">Last updated: June 2, 2016<br \/>\nFirst published: June 2, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n\n\n\n\n<p class=\"ref\">References<br \/>\n<a title=\"Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments\" href=\"http:\/\/www.hoax-slayer.com\/word-macro-malware-emails.shtml\">Macro Virus Threat Returns &#8211; Beware Emails With Malicious Word Attachments<\/a><br \/>\n<a title=\"Malware Threat Articles\" href=\"http:\/\/www.hoax-slayer.com\/malware-threat-articles.shtml\">Malware Threat Articles<\/a><\/p>\n\n\n\n\n<p>&nbsp;<\/p>\n\n\n<\/br><\/br> Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/tax-return-request-submitted-macro-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/tax-return-request-submitted-macro-malware-email\/<\/a><br \/>\n<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Email claims that your tax return request has \u00a0been successfully submitted and that you can view your submission by opening an attached file. Brief Analysis: The email is fraudulent. The attached .zip file contains a Microsoft Word document that harbours a malicious macro. If allowed to run, this macro can download and install malware [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-342","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/342"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=342"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/342\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=342"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=342"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=342"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}