Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









Issue 176 - April, 2014 (2nd Edition) - Page 21

MALWARE - 'Confidential - ALL Employees Important Document'

Issue 176 Start Menu

Previous Article            Next Article

Outline
Email purporting to be a confidential message from the recipient's employer claims that all employees must fill out and submit an important document contained in an attached file.

Danger computer digital LCD screen

© Depositphotos.com/ leszekglasner



Brief Analysis
The email is not from any employer and the attachment does not contain a document, important or otherwise. The attached .zip file harbours a .scr file, that if opened, can install malware on the user's computer. If you receive one of these bogus emails, do not open any attachments or click any links that it contains.

Bookmark and Share

Example

Subject: Confidential - ALL Employees Important Document

Please find attached documentation I will need you to complete and send back to me as soon as you can if that’s okay.
Please do not hesitate to contact me if I can provide you with any further support or assistance.

Thank you


Detailed Analysis


This email, which some recipients may assume is from their employer, claims that important and confidential documents are contained in an attached file. The message claims that all employees must complete the attached documentation and send it back as soon as possible.

However, the message is not from an employee as implied and the attachment does not contain a document. Instead, the attached .zip file contains a .scr file, which, if opened, can install malware on the user's computer.

Typically, such malware can collect personal information from the compromised computer and connect to remote servers operated by cybercriminals. It may also download and install further malware components.

The malware email does not specifically name the supposed employer. The criminals responsible for the campaign know that at least a few recipients will likely just assume that the email is from their boss and proceed without due caution.

Such inattention may seem inexcusable in retrospect. However, if the person is tired, very busy, or inexperienced with the ways of email and computing, then they may well be vulnerable. After all, just a few seconds of inattention could see the user inadvertently installing the malware. Once installed, the malware will likely perform its heinous tasks silently in the background, so the victim may not initially realize that his or her computer has been compromised.

Criminals use many different methods of distributing malware. Some such attacks are quite sophisticated. Others, like this example, are simply executed but still gain new victims.

An almost identical scam campaign took place in March 2013. Again, the attachment that came with the fake 'confidential document' contained malware.

Bookmark and Share

Last updated: April 2, 2014
First published: April 2, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
Threat Outbreak Alert: Fake Employee Document Sharing Notification E-mail Messages on March 5, 2013



Previous Article            Next Article

Issue 176 Start Menu

Pages in this issue:
  1. SCAM - 'Mermaid Found Inside Shark Video'
  2. HOAX - '15 foot Eastern Brown Snake Found Near Caloundra Golf Course'
  3. Facebook Limiting Posts Warning - 'This is a Test'
  4. SCAM -'R.I.P. Dwayne Johnson' - The Rock is NOT Dead
  5. NONSENSE - 'All Americans Microchipped by 2017'
  6. SCAM - 'Devil's Pool Fall Epic Selfie Video'
  7. Heartbleed Bug - Users Warned to Change All Passwords
  8. HOAX - 'Justin Bieber Admits To Being Bi-Sexual'
  9. PHISHING SCAM - 'Click to Read Vital Newsletter'
  10. RingCentral 'New Fax Message' Malware Email
  11. LIKE-FARMING SCAM - 'Wife Pregnant for 13 Months Needs Prayers'
  12. 'New Voicemail' Pharmacy Spam Email
  13. HOAX: '2 Suns In The Sky On April 21st - Star Meccyroid'
  14. Facebook Promotion, Lottery and Award Scams
  15. April Fools Joke - 'United States to Ban Raw Meat Sales'
  16. iTunes Purchase Receipt Phishing Scam
  17. Dwayne Johnson is NOT Dead
  18. Nails in Cheese Dog Park Warning Message
  19. Product Order Request Money Laundering Emails
  20. Capitec 'Routine Maintenance' Phishing Scam
  21. MALWARE - 'Confidential - ALL Employees Important Document'
  22. SCAM - 'Flight MH370 Found in Indian Ocean Shocking Video'
  23. Lamborghini Giveaway Facebook Like-Farming Scam
  24. Barclays 'Detected Irregular Activity' Phishing Scam
  25. MALWARE - 'Traffic Accident With Your Car' Email
  26. HOAX - 'British Scientists Clone Dinosaur'
  27. Facebook Sick Child Hoax - 'Help Boy with Massive Tumour by Liking, Sharing and Commenting'