Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

MALWARE - 'Confidential - ALL Employees Important Document'


Email purporting to be a confidential message from the recipient's employer claims that all employees must fill out and submit an important document contained in an attached file.

Facebook phising
© leszekglasner

Brief Analysis

The email is not from any employer and the attachment does not contain a document, important or otherwise. The attached .zip file harbours a .scr file, that if opened, can install malware on the user's computer. If you receive one of these bogus emails, do not open any attachments or click any links that it contains.


Subject: Confidential - ALL Employees Important Document

Please find attached documentation I will need you to complete and send back to me as soon as you can if that’s okay.
Please do not hesitate to contact me if I can provide you with any further support or assistance.

Thank you

Detailed Analysis

This email, which some recipients may assume is from their employer, claims that important and confidential documents are contained in an attached file. The message claims that all employees must complete the attached documentation and send it back as soon as possible.

However, the message is not from an employee as implied and the attachment does not contain a document. Instead, the attached .zip file contains a .scr file, which, if opened, can install malware on the user's computer.

Typically, such malware can collect personal information from the compromised computer and connect to remote servers operated by cybercriminals. It may also download and install further malware components.

The malware email does not specifically name the supposed employer. The criminals responsible for the campaign know that at least a few recipients will likely just assume that the email is from their boss and proceed without due caution.

Such inattention may seem inexcusable in retrospect. However, if the person is tired, very busy, or inexperienced with the ways of email and computing, then they may well be vulnerable. After all, just a few seconds of inattention could see the user inadvertently installing the malware. Once installed, the malware will likely perform its heinous tasks silently in the background, so the victim may not initially realize that his or her computer has been compromised.

Criminals use many different methods of distributing malware. Some such attacks are quite sophisticated. Others, like this example, are simply executed but still gain new victims.

An almost identical scam campaign took place in March 2013. Again, the attachment that came with the fake 'confidential document' contained malware.

Last updated: April 2, 2014
First published: April 2, 2014
Written by Brett M. Christensen
About Hoax-Slayer

Threat Outbreak Alert: Fake Employee Document Sharing Notification E-mail Messages on March 5, 2013