{"id":85,"date":"2019-04-06T19:33:14","date_gmt":"2019-04-06T19:33:14","guid":{"rendered":"http:\/\/www.syyhoaxanalyzer.com\/?p=85"},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-29T17:00:00","slug":"\"NSS-CMS-Invoice\";-Dropbox-Invite-Malware-Email","status":"publish","type":"post","link":"https:\/\/www.syyhoaxanalyzer.com\/?p=85","title":{"rendered":"&#8220;NSS CMS Invoice&#8221;; Dropbox Invite Malware Email"},"content":{"rendered":"<div>\n<p><span style=\"color: #ff0000;\"><strong>Outline:<\/strong><\/span><br \/>\nEmail claims that &#8220;Megan&#8221; has invited you to view the file &#8220;NSS CMS Invoice 2016-07.zip&#8221; on file hosting service Dropbox.<\/p>\n<p><span style=\"color: #ff0000;\"><strong>Brief Analysis:<\/strong><\/span><br \/>\nThe email is not a legitimate invoice notification and the download link does not go to Dropbox. Clicking the link downloads a .zip file that harbours a malicious JavaScript file inside. If opened, the JavaScript file can download and install malware.<\/p>\n\n\n\n\n<div class=\"example\"><span style=\"color: #ff0000;\"><b>Example:<\/b><\/span><br \/>\n<a href=\"http:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1.jpg\" data-rel=\"penci-gallery-image-content\" ><img loading=\"lazy\" decoding=\"async\" data-attachment-id=\"2114\" data-permalink=\"https:\/\/www.hoax-slayer.net\/nss-cms-invoice-dropbox-invite-malware-email\/cms-invoice-malware-1\/\" data-orig-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1.jpg\" data-orig-size=\"800,779\" data-comments-opened=\"0\" 
data-image-meta=\"{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}\" data-image-title=\"cms-invoice-malware-1\" data-image-description=\"\" data-medium-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1-300x292.jpg\" data-large-file=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1.jpg\" class=\"size-full wp-image-2114 aligncenter\" src=\"https:\/\/hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1.jpg\" alt=\"CMS Invoice Malware Email\" width=\"800\" height=\"779\" srcset=\"https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1.jpg 800w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1-300x292.jpg 300w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1-768x748.jpg 768w, https:\/\/www.hoax-slayer.net\/wp-content\/uploads\/2016\/08\/cms-invoice-malware-1-205x200.jpg 205w\" sizes=\"(max-width: 800px) 100vw, 800px\" \/><\/a><\/div>\n\n\n\n\n<p><span style=\"color: #ff0000;\"><strong>Detailed Analysis:<\/strong><\/span><br \/>\nAccording to this email, which purports to be from the Dropbox Team, &#8220;Megan&#8221; wants you to click a download button to view a file called &#8220;NSS CMS Invoice 2016-07.zip&#8221;. 
Supposedly, the file is an invoice for &#8220;Northern Support Services CMS&#8221;. The message claims that the invoice can be downloaded from the file hosting service Dropbox.<\/p>\n\n\n\n\n<p>However, the email is not a legitimate invoice notification and it has no connection to Northern Support Services. Nor is the file hosted on Dropbox as claimed. Instead, the email is a criminal ruse designed to trick you into installing malware on your computer.<\/p>\n\n\n\n\n<p>If you click the download button, a .zip file will be downloaded to your computer. If you then unzip the file, you will find that it contains a file called &#8220;NSS CMS Invoice 2016-07.js&#8221;. The .js file extension means that the file is a JavaScript file. If you click this .js file, a malicious JavaScript will download and install further malware components on your computer.<\/p>\n\n\n\n\n<p>The exact nature of this malware may vary. However, JavaScript is often used to install various types of ransomware. Once installed, ransomware can lock all of the important files on your computer and then demand that you pay a fee to online criminals to receive an unlock key. 
Malicious JavaScript may also be used to install malware designed to steal online banking login credentials and other personal information from infected computers.<\/p>\n\n\n\n\n<p>Details, such as the name of the supposed sender and the file names, may vary in different versions of these emails.<\/p>\n\n\n\n\n<p>If you receive one of these emails, do not click any links or open any attachments that it contains.<\/p>\n\n\n\n\n<p class=\"date\">Last updated: August 9, 2016<br \/>\nFirst published: August 9, 2016<br \/>\nBy Brett M. Christensen<br \/>\n<a class=\"foot\" href=\"http:\/\/www.hoax-slayer.com\/about.shtml\">About Hoax-Slayer<\/a><\/p>\n\n\n\n\n<p>Original Source : <a href=\"https:\/\/www.hoax-slayer.net\/nss-cms-invoice-dropbox-invite-malware-email\/\" target=\"_blank\">https:\/\/www.hoax-slayer.net\/nss-cms-invoice-dropbox-invite-malware-email\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Outline: Email claims that &#8220;Megan&#8221; has invited you to view the file &#8220;NSS CMS Invoice 2016-07.zip&#8221; on file hosting service Dropbox. 
Brief Analysis: The email is not a legitimate invoice notification and the download link does not go to Dropbox. Clicking the link downloads a .zip file that harbours a malicious JavaScript file inside. If [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":6890,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-85","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-hoax-inggris"],"_links":{"self":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/85"}],"collection":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=85"}],"version-history":[{"count":0,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/posts\/85\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=\/wp\/v2\/media\/6890"}],"wp:attachment":[{"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=85"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=85"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syyhoaxanalyzer.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=85"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}