A new eFax scam email that has just been sent out, telling you that you have a new eFax message, actually links to a malicious site being hosted at places such as http://kaskada.tym.cz and http://isolearn.eu/. The full links, in our examples http://kaskada.tym.cz/feHTCmSa/index.html and http://isolearn.eu/z02NKnzs/index.html, we believe cause a malicious virus, trojan, or other software to download to your computer (although we have not confirmed this, our own tests suggest this – regardless, it is spam, and a scam, and the links that supposedly go to eFax actually all go to places such as http://kaskada.tym.cz/feHTCmSa/index.html and http://isolearn.eu/z02NKnzs/index.html).
The subject of the versions we’ve seen is “Corporate eFax message – 4 pages”, with a “From” address of ‘firstname.lastname@example.org’. Each message has a supposed Caller ID number from which the fax supposedly originated, such as 764-625-1188 and 415-323-6414.
Each version so far also references a reference number, with each number being different, but all bearing the line “The reference number for this fax is” followed by the fake reference number.
Here are screen shots, showing that upon hovering over the supposed eFax links, it is actually revealed that the links go to the scam site. Below the screen shots is the full text of the fake mail.
Subject: Corporate eFax message – 4 pages
Date: August 16, 2012 10:39:49 AM MDT
Fax Message [Caller-ID: 764-625-1188] You have received a 4 pages fax at 2012-08-16 11:39:19 GMT.
* The reference number for this fax is min1_did01-7298321593-9852971022-71.
View this fax using your PDF reader.
Click here to view this message
Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Home Contact Login
2011 j2 Global Communications, Inc. All rights reserved.
eFaxŽ is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFaxŽ Customer Agreement.