Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

RingCentral 'New Fax Message' Malware Email


Outline

Email purporting to be from Internet fax service RingCentral claims that the recipient has a new fax message that can be viewed by opening an attached file.

Facebook phising
© Depositphotos.com/ unkreatives

Brief Analysis

The email is not from RingCentral and the attachment does not contain a fax message. Instead, the attachment harbours malware. Once installed, this malware may harvest sensitive information from the compromised computer and download other dangerous malware components. If you receive this message, do not click any links or open any attachments that it contains.

Example

You Have a New Fax Message
From: [Removed]
Received: Tuesday, April 8, 2014 at 9:34 AM
Pages: 1
To view this message, please open the attachment

Thank you for using RingCentral.

Ring Fax Notification Malware


Detailed Analysis

This email, which purports to be from the Internet based fax service, RingCentral, claims that recipients have been sent a new fax message. The email invites recipients to open an attached .zip file to view the fax message.

However, RingCentral did not send the email and the attachment does not contain a fax message as claimed.

Those who go ahead and open the attached .zip file will find that it contains what may appear to less computer literate users to be a harmless .pdf. These users may expect a fax message transcript to be a .pdf and therefore click to open it without due caution. However, the file actually has a double extension (.pdf.exe). Thus, by opening the file, users are actually installing malware on their computers.

The precise payload in these malware emails may vary. Typically, however, the malware can collect sensitive personal and financial information from the compromised computer and relay it to remote servers operated by criminals. It may also download and install other malware such as ransomware.

The fake fax notification email ruse has been used several times in the past by online criminals intent on distributing malware.

At one time, fax machines were used extensively for business communications. But reliance on the machines has lessened considerably as newer technologies have emerged. However, should the need arise, faxes can still be sent and received via online fax services such as RingCentral.

Thus, users need to be very cautious of any unsolicited email that claims that they have been sent a fax and should open an attached file to view it.



Last updated: April 9, 2014
First published: April 9, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
RingCentral New Fax Message fake Word doc or PDF malware
'Incoming Fax Report' Malware Email
RapidFax Malware Email






Latest Hoax-Slayer Articles