Fake UK Fuels E-Bill Message Contains Malicious Macro
Outline'E-bill' email purporting to be from UK Fuels advises you to view an invoice by opening an attached Microsoft Word file.
© Depositphotos.com/ kentoh
Brief AnalysisThe email is not from UK Fuels. When you open the attached Word file, you will be prompted to enable macros in order to view the document's contents. But enabling macros can allow a malicious macro to download a trojan to your computer.
- Macro Virus Threat Returns - Beware Emails With Malicious Word Attachments
- Fake Adobe Invoice Email Contains Malicious Macro
- Shakira Death Hoax Email Contains Malware
Subject: UK Fuels E-bill
Customer No : 35056
Email address : [recipient's email address removed]
Attached file name : 35056_49_2014.doc
Please find attached your invoice for Week 49 2014.
In order to open the attached DOC file you will need the software Microsoft Office Word.
If you have any queries regarding your e-bill you can contact us at
[email address removed]
UK Fuels Ltd
UK Fuels 'E-bill' Claims Invoice is in Attached Word Doc
The message includes a 'bill invoice' email address, which it claims you can use if you have any queries about the E-bill.
Email is Not From UK Fuels - Doc Contains Malicious Macro
When you open the attached Word document, you will be prompted to enable macros, supposedly to allow the content to be viewed.
But, if you enable macros as requested (or if macros have been enabled previously), a malicious macro will then attempt to install a trojan downloader. The trojan can then download and install further malware.
Macro Malware Attacks on The Rise
However, they can also be used maliciously. Macro virus threats were common in years gone by. But, because later versions of Microsoft Office disabled macros by default, the threat became less prevalent.
However, it seems that criminals have resurrected the practice. Because users may trust Microsoft word .doc files, they may be more inclined to open them and enable macros when requested.
Unless you have a specific need for macros, it is best to leave them disabled. Be very wary of any message that claims that you must enable macros to view a document.
Last updated: January 6, 2015
First published: January 6, 2015
By Brett M. Christensen