This email, which purports to be from container shipping company Maersk Line, claims that you can open an attached file to view original shipping documents supposedly related to a consignment that is being shipped to you.
However, the email is not from Maersk Line and has no connection to the company. And, the attachments do not open any shipping documents.
Here is what the initial malware email looks like:
If you click the HTML attachment, it will open in your default browser and will attempt to automatically download a Microsoft Word document:
If you click the PDF attachment, a supposedly “secure or protected” file will open in your PDF reader. The blurred out background may seem like a genuine shipping document at first glance. You will be prompted to click a link to unlock the full PDF. However, clicking the link again downloads a Microsoft word file:
Regardless of which attachment you open, you will end up with the same Word file. When you try to open the Word file, you will then be told that you must enable macros before you can view the file’s contents. But, if you do enable macros, a malicious macro will then download and install further malware.
The malware that the macro downloads may be ransomware that locks up all of the files on your computer and then demands a fee for the unlock code. Or, the malware may be designed to steal sensitive information such as banking passwords from your computer and sent it to online criminals.
The criminals responsible for distributing these scam emails hope that at least a few recipients will download the file either out of curiosity or concern. Even if they are not expecting any consignment and have had no dealings with Maersk Line. And, alas, many people will download the files and infect their computers with malware.
Malware campaigns like this are very common and use the names of many different companies around the world to make their false claims seem more plausible.
Since you’ve read this far…
…can I ask you for a big favour?To enhance your privacy and security and offer you a better user experience, Hoax-Slayer is now ad-free. To keep the site online, I now rely on voluntary contributions from site visitors along with commissions from a few trusted products and services that I promote via reviews on the site.
If you found the above report useful, please consider supporting Hoax-Slayer by making a donation. Any amount you can give will be greatly appreciated.
You can donate using your credit card via the form below. Donations are collected securely via the online payment service Stripe. Stripe uses state of the art security to keep your data safe.
Thank-you.
Brett Christensen