Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Fake UK Fuels E-Bill Message Contains Malicious Macro

Jump To: Example    Detailed Analysis   Comments   References


'E-bill' email purporting to be from UK Fuels advises you to view an invoice by opening an attached Microsoft Word file.

© kentoh

Brief Analysis

The email is not from UK Fuels. When you open the attached Word file, you will be prompted to enable macros in order to view the document's contents. But enabling macros can allow a malicious macro to download a trojan to your computer.


related Links
What's New   Top Ten   Special Features   Subscribe


Subject: UK Fuels E-bill   

Customer No : 35056
Email address :      [recipient's email address removed]
Attached file name :  35056_49_2014.doc
Dear Customer
Please find attached your invoice for Week 49 2014.
In order to open the attached DOC file you will need the software Microsoft Office Word.
If you have any queries regarding your e-bill you can contact us at
[email address removed]
Yours sincerely
Customer Services
UK Fuels Ltd

Detailed Analysis

UK Fuels 'E-bill' Claims Invoice is in Attached Word Doc

According to this email, which claims to be an 'E-bill' from UK Fuels, you can view an invoice by opening an attached Microsoft Word document.

The message includes a 'bill invoice' email address, which it claims you can use if you have any queries about the E-bill.

Email is Not From UK Fuels - Doc Contains Malicious Macro

However, the email is not from UK Fuels and the attached file is not a legitimate invoice.

When you open the attached Word document, you will be prompted to enable macros, supposedly to allow the content to be viewed.

But, if you enable macros as requested (or if macros have been enabled previously), a malicious macro will then attempt to install a trojan downloader. The trojan can then download and install further malware.

Macro Malware Attacks on The Rise

A macro is a set of instructions that can be collected as a single command in order to automatically and rapidly accomplish a task. Macros can increase efficiency and enhance workflows.

However, they can also be used maliciously. Macro virus threats were common in years gone by. But, because later versions of Microsoft Office disabled macros by default, the threat became less prevalent.

However, it seems that criminals have resurrected the practice. Because users may trust Microsoft word .doc files, they may be more inclined to open them and enable macros when requested.

Unless you have a specific need for macros, it is best to leave them disabled. Be very wary of any message that claims that you must enable macros to view a document.

Last updated: January 6, 2015
First published: January 6, 2015
By Brett M. Christensen
About Hoax-Slayer

Invoice in malicious Word file with fake emails from UK Fuels Ltd
Microsoft warns of increase in Adnel and Tarbir Trojan attacks on Excel and Word users