New Email Based Attack – a fake INCOMING FAX REPORT

A new wave of bogus emails is being sent out with malicious intent. As with the recent attacks used to deliver the CryptoLocker virus, covered in a previous blog post, Beware of CryptoLocker Trojan Ransomware, the email claims that you have received an incoming e-fax and that you need to click the link in the email to retrieve it. Typically the e-fax claims to contain payroll or HR information.

The link in the email typically directs you to a .zip file hosted on Dropbox or a similar file hosting website. This .zip file contains a malicious payload. The exact configuration and payload of the malware download vary. Below is an example of the body of one of these malicious ‘Incoming Fax Report’ emails:

*********************************************************
INCOMING FAX REPORT
*********************************************************

Date/Time: Thu, 29 May 2014 11:34:20 +0100
Speed: 4054bps
Connection time: 02:01
Pages: 1
Resolution: Normal
Remote ID: 702-046-9511
Line number: 3
DTMF/DID:
Description: Internal report

We have uploaded fax report on dropbox, please use the following link to download your file:
.
*********************************************************

screenshot of a Fake Fax Report email that contains link to a trojan virus

The same ‘Incoming Fax Report’ email has been used in various forms before. The screenshot shows an example of a legitimate-looking email that contains links to an external site that may infect your computer with a malicious trojan virus if your system does not have adequate anti-virus protection. Many versions include the payload in an attached .exe or .zip file. This recent round of email-based malware attacks is harder for spam or antimalware scanning systems to catch because the actual virus, or payload, is not attached to the email. Any virus scanning system will have a hard time detecting these messages because the messages themselves are not infected; the download is. We are seeing that spam rules have been updated and are catching a significant number of these emails, but some still get through to the inbox.
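Because the message carries no infected attachment, a filter has to score the lure itself: the ‘Incoming Fax Report’ text combined with a link to a file host or to a .zip/.exe file. The sketch below is an added example, not part of the original post or any vendor's rule set; the host list, the `assess` function and the sample message are assumptions made for illustration.

```python
import re
from email import message_from_string
from urllib.parse import urlparse

# Assumption: file-hosting domains to watch; the post names only Dropbox.
FILE_HOSTS = ("dropbox.com", "dropboxusercontent.com")
RISKY_EXT = (".zip", ".exe")  # payload file types the post mentions
LURE = re.compile(r"incoming\s+fax\s+report", re.I)
URL = re.compile(r"https?://[^\s<>\"']+", re.I)

def body_text(msg):
    """Join every text/* part so links in plain and HTML bodies are seen."""
    chunks = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            data = part.get_payload(decode=True) or b""
            chunks.append(data.decode("utf-8", "replace"))
    return "\n".join(chunks)

def assess(raw):
    """Flag the lure text combined with a file-host link or a risky file."""
    msg = message_from_string(raw)
    text = body_text(msg)
    # Drop punctuation that trails a URL at the end of a sentence.
    urls = [u.rstrip(".,);") for u in URL.findall(text)]
    hosted = []
    for u in urls:
        host = (urlparse(u).hostname or "").lower()
        # Exact or subdomain match only, so lookalike hosts are not trusted.
        if any(host == h or host.endswith("." + h) for h in FILE_HOSTS):
            hosted.append(u)
    names = [p.get_filename() for p in msg.walk() if p.get_filename()]
    risky = [x for x in urls + names
             if urlparse(x).path.lower().endswith(RISKY_EXT)]
    lure = bool(LURE.search(text) or LURE.search(msg.get("Subject", "")))
    return {"lure": lure, "file_host_links": hosted, "risky_files": risky,
            "quarantine": lure and bool(hosted or risky)}

# Constructed sample modelled on the body quoted above; the URL is a placeholder.
SAMPLE = (
    "From: fax@example.test\nSubject: Incoming fax\n\n"
    "INCOMING FAX REPORT\nPages: 1\nDescription: Internal report\n"
    "We have uploaded fax report on dropbox, please use the following link "
    "to download your file:\nhttps://www.dropbox.com/s/PLACEHOLDER/fax_report.zip\n"
)

if __name__ == "__main__":
    print(assess(SAMPLE))
```

A rule like this only reduces what reaches the inbox; a message that rewords the lure or uses a host outside the list will pass, which is why the advice below still applies.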

Practical Advice:

Ultimately, be cautious of any unsolicited email that claims that you have a fax waiting, either attached to the email or online, especially one that claims to contain payroll, HR, or other information that you can only access by clicking on links and downloading attachments.

  • If you receive one of these messages, do not click on any links or open any attachments that it contains – delete them immediately and permanently.
  • …and, of course, make sure you have a reputable, adequate and up-to-date anti-virus program (such as ESET) installed on your computer network.

If you have any questions, let us know!
