“You’ve got an eFax!”

  • October 25, 2012

Spam emails are nothing new and unfortunately most internet users are confronted with them daily. Their purposes vary from simply promoting a site or product, to phishing and downright infecting a computer. Today we received a particularly nasty, but at the same time convincing-looking email, claiming to be from eFax:

Convincing at first sight, but when looking a little closer it becomes clear that this is nothing more than an attempt to have the reader open a supposed PDF document.

When looking at the email source the following is listed:

From: "eFax Corporate" <[email protected]>
Subject: Corporate eFax message

According to the (legitimate) eFax website FAQ:

When someone sends you a fax, the message is delivered to the email address on your account.

  • Faxes will come from the email address [email protected].
  • The subject line of your email will be “Fax Received From (Fax Number)”.

In other words, neither the subject nor the sender matches what we would expect of a real email from eFax.

But there is more…

Let’s have a look at the attachment, which according to the message is supposed to be a PDF document. After downloading and unzipping the attachment, this is what we get (see image).

This may look like a PDF file, but look at the icon. That is the default executable (.exe) file icon. A simple file properties check shows that this is indeed the case.

A .exe file trying to look like a .pdf file is by its very definition suspicious, which was confirmed when, upon execution, the ZeuS trojan was downloaded and loaded on the system. This trojan is known for its info-stealing capacity (especially banking information). Emsisoft Anti-Malware detects the associated files as Trojan.Win32.Zbot.
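The two checks walked through above (subject line against the format documented in the FAQ, and the attachment's real content against what it claims to be) can be automated. The following is an added example, not part of the original post; the subject regex, the sender address and the file names in the sample are assumptions constructed for illustration.

```python
import io
import re
import zipfile
from email.message import EmailMessage

# Subject format quoted from the eFax FAQ on this page; the exact regex is an assumption.
EXPECTED_SUBJECT = re.compile(r"^Fax Received From \(?[\d\s()+-]+\)?$")
MAGIC = {b"MZ": "windows-executable", b"%PDF": "pdf"}


def sniff(head: bytes) -> str:
    """Classify content by its leading magic bytes, not by file name or icon."""
    for magic, kind in MAGIC.items():
        if head.startswith(magic):
            return kind
    return "unknown"


def triage(msg: EmailMessage) -> list[str]:
    """Return the reasons this message does not look like a genuine fax notice."""
    reasons = []
    if not EXPECTED_SUBJECT.match(msg.get("Subject", "")):
        reasons.append("subject does not match documented format")
    for part in msg.iter_attachments():
        data = part.get_payload(decode=True) or b""
        if not zipfile.is_zipfile(io.BytesIO(data)):
            continue
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                with zf.open(info) as fh:
                    kind = sniff(fh.read(4))
                if kind == "windows-executable":
                    reasons.append(f"{info.filename}: executable content in archive")
    return reasons


def build_sample() -> EmailMessage:
    """Constructed sample: a zip whose only member is named like a PDF but starts with MZ."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("fax_document.pdf.exe", b"MZ" + b"\x00" * 62)  # inert stub bytes
    msg = EmailMessage()
    msg["From"] = '"eFax Corporate" <sender@example.invalid>'  # placeholder address
    msg["Subject"] = "Corporate eFax message"
    msg.set_content("You have received a fax.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip", filename="fax.zip")
    return msg


if __name__ == "__main__":
    for reason in triage(build_sample()):
        print(reason)
```

Checking the leading bytes catches the disguise regardless of the file name or icon shown to the user, which is the same conclusion the file properties check reaches by hand.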

To remove this malware infection, please download and install Emsisoft Anti-Malware. Run a full scan on all drives and move all detected items to quarantine. Our experts in the “Help, my PC is infected!” Emsisoft Forum are always ready and willing to offer additional help. The removal service is absolutely free even if you are not an Emsisoft customer yet.

Have you received a dubious eFax or been infected by a scam pretending to be a digital fax? Let us know in the comments, along with any other tips you’d like to share!

Elise

Malware analyst. I've always been interested in computers, especially anything (anti-)malware related and am usually the go-to computer person for everyone who knows me. The first virus I encountered was on DOS when I was 12 years old. The fact that our AV back then could "magically" make it go away sparked my interest.