One of the many ways that criminals spread malware is to send bogus emails claiming that the recipient has received a fax.
Faxing might seem like an obsolete technology and you might wonder why online crooks would use fake fax notifications to reach victims. Surprisingly, however, faxing is still commonly used in the business world and a number of companies offer online fax services to customers.
These services allow customers to send and receive faxes via email. So, if someone sends you a fax using such a service, you will receive a notification email. The fax itself can be viewed by opening a file attached to the email or by logging in to the service’s website.
So, criminals regularly use the names and logos of popular online fax services such as eFax, RapidFax, and RingCentral.
Often, the malware is included in a file attached to the emails. Recipients may open the attachments in the mistaken belief that they will get to view the supposed fax. Instead, they may be tricked into installing the malware on their computers.
Other versions may trick people into visiting a website that contains the malware
Many of the latest versions use malicious macros to deliver the malware. The attached files may appear to be innocuous Microsoft Office documents. If you attempt to open the attached Office file, you will be prompted to enable content, ostensibly so that the “fax” can be properly displayed. If you follow the instructions, a malicious macro will run in the background. The macro can download and install malware on your computer.
Complex macros can be created using VBA (Visual Basic for Applications) and can be very helpful in some workflows. But malicious VBA macros can also be created and distributed. In years gone by, macro viruses were common computer security threats. But, for the last several years, they have been much less significant due to the fact that later versions of Microsoft Office disabled macros by default and implemented other security measures.
However, criminals have apparently realized that many computer users will have forgotten about or have no knowledge of macro threats. Thus, malicious macros are again being used to spread malware.
In modern incarnations of the threat, criminals do not try to subvert in-built security systems but use simple social engineering techniques to get users to allow the macros to run. The criminals rely on the curiosity of recipients who may proceed without due caution in the hope of finally viewing the promised document content.
Unless you have a compelling reason, you would be best to leave macros disabled by default. And do not believe any message that claims that you must enable macros to view or interact with Microsoft Office documents.
If you receive an unexpected fax notification email, do not open any attachments or click any links that it contains. Instead, log in to the online fax service account by entering the account address into your browser’s address bar. If you really did receive a fax, you should be able to safely access and view it via the service’s website.
Examples of fake fax notification malware emails:
One of the many ways that criminals spread malware is to send bogus emails claiming that the recipient has received a fax....
Email claims that you have received a 5 page fax from online fax service eFax and can view the document by opening an attached file....
According to this email, you have received a new fax. The email implies that printing company Epson sent the fax....