New Email Threat – Don’t Open Emails from Efax

We’ve noticed a new email threat, this one involving a notice from Efax which tells you that a new fax has arrived. In the email there is a link, supposedly to the fax, which the sender expects you to click. If you do happen to click the link, you’re taken to a completely different site, not the Efax site that is indicated in the link. At that point you might download the file, a zip file which has ‘pdf’ in the name. In that zip file is a virus and/or malware which will most likely install a keylogger or other spyware on your computer. This is what the email looks like:

Photo of Email from Efax
No matter how real this looks, the email is NOT from Efax.

 

 

 

 

 

 

 

If you were to hover your cursor over the link, shown here in black, you would see another URL down at the bottom left. Here is where the link actually leads:

Photo of Email Fax Real Address
Although the link says it leads to Efax.com it doesn’t. Down on the bottom left you’ll see ‘maroc.com’ and a zip file. Whatever you do, don’t click on that link!

 

 

 

 

 

 

Now, Efax is a real company. We’ve used them in the past and they’re handy if you don’t have a fax machine or, in our case, when your telephone system does not support a fax machine. (VOIP lines do not support faxing.) If you were to check the apparent address of origin by hovering your cursor over the email in your inbox, you’d see this:

Photo of Efax Address of Origin
This looks like the email is from Efax.ca. It isn’t.

 

 

 

 

 

 

It’s only when we look at the message source (right click the email in the inbox before you open it and choose ‘view message source’), that we see where the email really originated. Here’s what we found:

Photo of Spam Email Source
The sender is actually ‘host.informationoutput.com’. They have faked the origin ‘inbound.efax.ca’.

 

 

To sum all of this up, here’s what we’ve got: An email that appears to be from Efax.ca, but isn’t. A link that appears to lead to Efax.com, but doesn’t. Finally we have a fax that isn’t a fax, it’s a zip file full of malware/spyware or a virus. Dangerous stuff, right? Our feeling is that you’d really have to go out of your way to get infected this way but people actually do get hit every day. We’d suggest reading this post a few times. All of the information you need to figure out if an email is legitimate is here. Feel free to share it with friends and family.

This post is about one email. Believe us when we say that we receive many such phishing emails every week. They might appear be from Efax, a bank, a government agency or a company that you may or may not have dealt with in the past. They all have one thing in common. If you don’t catch them and happen to click on the link, you’ll be in trouble. Be careful out there, OK?

Thanks for reading! Questions or comments are welcome. You can also ask questions on our Facebook page. Here is the link: Computers Made Simple on Facebook 

_________________________________________

Here’s a link that might help us if you are interested in hosting your own blog with Fatcow Hosting. We’ve signed up to become an affiliate and we make a bit of money if you sign up for hosting via this link: FatCow Hosting Thanks!

 

 

 

 

 

 

Leave a Reply

Your email address will not be published. Required fields are marked *