Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

'Incoming Fax Report' Malware Email


Email purporting to be a notification about an incoming payroll related fax claims that users can click a link to read the file online.

Facebook phising
© panama555

Brief Analysis

The email is not a genuine notification. The link in the email opens a compromised website that harbours malware. If downloaded and installed, this malware may steal information from the infected computer, make connections with remote servers operated by criminals and download further malware components. If you receive one of these fake fax emails do not click any links or open any attachments that it contains.



Date/Time: 10/02/2014 05:13:13 EST
Speed: 25903 bps
Connection time: 04:08
Pages: 7
Resolution: Normal
Remote ID: 8102702342
Line number: 4
Description: Payroll

Click here to view the file online


Detailed Analysis

According to this email, which purports to be an incoming fax report, the recipient can click a link to read the fax file online. Supposedly, the fax is related to a payroll.

However, the email is not a genuine fax report. Instead, it is a ruse designed to trick users into visiting a compromised website that harbours malware. Those who go ahead and click the link in the hope of viewing the supposed fax file will be taken to a website that displays a 'please wait' message. The compromised site may attempt to load malicious scripts, which then redirect to a malware page.

The exact configuration and payload of the malware sites may vary. Typically, however, malware downloaded from such sites may perform one or more nefarious tasks. It may harvest information from the infected computer and send it to cybercriminals. It may allow criminals to control the computer remotely and join it to a botnet. It may download and install even more malware that can perform various other functions.

While reliance on the once ubiquitous office fax machine has ebbed considerably in recent years, faxes can still be sent and received via online fax services. These services may send users an email to notify them that a fax has been received.

The criminals bank on the fact that at least a few customers of such services may click on the link without due caution. And, even people that have never used such a service may be panicked into clicking the link in the mistaken belief that their bank account has been compromised or payments have been made in their names.

The same 'Incoming Fax Report' ruse has been used several times before. Some versions include the malicious payload in an attached file. In 2012, a similar message claimed to be from online fax service RapidFax. An attached file carried a trojan.

Be cautious of any unsolicited email that claims that you have a fax waiting online. If you receive one of these messages, do not click on any links or open any attachments that it contains.

Last updated: February 12, 2014
First published: February 12, 2014
By Brett M. Christensen
About Hoax-Slayer

New incoming fax message is actually malware - be on your guard!
RapidFax Malware Email