Debunking email hoaxes and exposing Internet scams since 2003!


Hoax-Slayer Logo Hoax-Slayer Logo

DividerDivider
Home    About    New Articles    RSS Feed    Subscriptions    Contact
DividerDivider
Bookmark and Share









RingCentral 'New Fax Message' Malware Email

Outline
Email purporting to be from Internet fax service RingCentral claims that the recipient has a new fax message that can be viewed by opening an attached file.

RoadSign Malware

© Depositphotos.com/ unkreatives



Brief Analysis
The email is not from RingCentral and the attachment does not contain a fax message. Instead, the attachment harbours malware. Once installed, this malware may harvest sensitive information from the compromised computer and download other dangerous malware components. If you receive this message, do not click any links or open any attachments that it contains.

Bookmark and Share

Example

You Have a New Fax Message
From: [Removed]
Received: Tuesday, April 8, 2014 at 9:34 AM
Pages: 1
To view this message, please open the attachment

Thank you for using RingCentral.

Ring Fax Notification Malware


Detailed Analysis


This email, which purports to be from the Internet based fax service, RingCentral, claims that recipients have been sent a new fax message. The email invites recipients to open an attached .zip file to view the fax message.

However, RingCentral did not send the email and the attachment does not contain a fax message as claimed.

Those who go ahead and open the attached .zip file will find that it contains what may appear to less computer literate users to be a harmless .pdf. These users may expect a fax message transcript to be a .pdf and therefore click to open it without due caution. However, the file actually has a double extension (.pdf.exe). Thus, by opening the file, users are actually installing malware on their computers.

The precise payload in these malware emails may vary. Typically, however, the malware can collect sensitive personal and financial information from the compromised computer and relay it to remote servers operated by criminals. It may also download and install other malware such as ransomware.

The fake fax notification email ruse has been used several times in the past by online criminals intent on distributing malware.

At one time, fax machines were used extensively for business communications. But reliance on the machines has lessened considerably as newer technologies have emerged. However, should the need arise, faxes can still be sent and received via online fax services such as RingCentral.

Thus, users need to be very cautious of any unsolicited email that claims that they have been sent a fax and should open an attached file to view it.

Bookmark and Share

Last updated: April 9, 2014
First published: April 9, 2014
Written by Brett M. Christensen
About Hoax-Slayer

References
RingCentral New Fax Message fake Word doc or PDF malware
'Incoming Fax Report' Malware Email
RapidFax Malware Email





Go to Mobile Version