Fake eFax message installs ransom ware

Fake eFax message installs ransom ware

This type of phishing email has been appearing in our scams folder for some time. It has never appeared in great volumes, until this week. This week it became a clear standout performer in the phishing email campaigns. These volumes earn it the title of “phish of the day”. That is all this email has going for it. It is a dangerous email. It masquerades as an eFax message, but it contains links that download ransomware onto the victim’s PC.

For those that don’t know, eFax is a legitimate site that markets its ability to send a fax via email. This phishing email is a nasty one, as people can be deceived, click on a link, and have ransomware installed on their PC. Do not click on the links in this email. Delete it immediately.

Figure A shows the email. The email poses as being from the Australian Taxation Office. The subject line if the email is “eFax message – 2 page(s)”. An eFax logo is at the top of the email. The email looks realistic. There are three links in the body of the email, and three in the footer. All point to the same malicious site. All download a variant of ransomware. The ransomware appears to be a form of CryptoLocker.  A reference number adds authenticity to the email.

MailShark Fake eFax message installs ransom ware
Figure A – Click to Enlarge

Ransomware searches for Office files on local and network drives, and encrypts them. It may also encrypt picture files. When the user attempts to open the files, a banner displays informing the user that their files are locked. The message informs the user that the files can be decrypted if they pay a ransom. Needless to say, this email is a fake. The links all lead to a malicious site. Do not click on the links in the email. Delete this email if you receive it.

Scott Reeves
MailShark
Free anti-spam service
Free email filter service

Share This Post

Post Comment