New eFax Scam Email Leads to Malicious Site
by
Anne P. Mitchell, Esq. (friend
Anne on Facebook! 
)
-
11 Comments, Last updated
11/09/2012
- 3,734 views
|
| Tweet |
|
Previous Article « Postini Shutting Down, All Postini Customers Being Transitioned to Google Apps
Read Next Article » Square Android and iPhone Mobile Payment App Lets You Leave Your Credit Cards at Home
A new eFax scam email that has just been sent out, telling you that you have a new eFax message, actually links to a malicious site being hosted at places such as http://kaskada.tym.cz and http://isolearn.eu/. The full links, in our examples http://kaskada.tym.cz/feHTCmSa/index.html and http://isolearn.eu/z02NKnzs/index.html, we believe cause a malicious virus, trojan, or other software to download to your computer (although we have not confirmed this, our own tests suggest this – regardless, it is spam, and a scam, and the links that supposedly go to eFax actually all go to places such as http://kaskada.tym.cz/feHTCmSa/index.html and http://isolearn.eu/z02NKnzs/index.html). The subject of the versions we’ve seen is “Corporate eFax message – 4 pages”, with a “From” address of ‘message at inbound.efax dot com’. Each message has a supposed Caller ID number from which the fax supposedly originated, such as 764-625-1188 and 415-323-6414. Each version so far also references a reference number, with each number being different, but all bearing the line “The reference number for this fax is” followed by the fake reference number. Here are screen shots, showing that upon hovering over the supposed eFax links, it is actually revealed that the links go to the scam site. Below the screen shots is the full text of the fake mail.
From: message at inbound.efax dot com Fax Message [Caller-ID: 764-625-1188] * The reference number for this fax is min1_did01-7298321593-9852971022-71. View this fax using your PDF reader. Click here to view this message Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service. 2011 j2 Global Communications, Inc. All rights reserved.
Subject: Corporate eFax message – 4 pages
Date: August 16, 2012 10:39:49 AM MDT
You have received a 4 pages fax at 2012-08-16 11:39:19 GMT.
Thank you for using the eFax service!
Home Contact Login
eFaxŽ is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFaxŽ Customer Agreement.
| Tweet |
|
Previous Article « Postini Shutting Down, All Postini Customers Being Transitioned to Google Apps
Read Next Article » Square Android and iPhone Mobile Payment App Lets You Leave Your Credit Cards at Home
You May Also Like:
The YouTube “Warning: Your inbox is full, message not accepted” Scam
Facebook Phishing Scam Claims You Have Deactivated Your Facebook Account
Newest Craigslist Scam: “You have successfully posted your Craigslist ad”
Fake Verizon Wireless Scam Emails Hit the Internet
eFax is Raising Their Rates – Again – But There Are Low-Cost and Free Alternatives to eFax!
For additional similar stories check out our archives on Scams
i received one today and don’t know what to do. I thouht it was a fax but it seems that it was a virus. Called Efax and they wouldn’t help (i subscribe to Efax). Not sure what to do to ensure that I am not infected. Tried running Norton but not sure if it detects this virus. Please help me if any of you have advice
Below is the email I received.
Fax Message [Caller-ID: 207-827-3055]
You have received a 8 page(s) fax at Fri, 09 Nov 2012 17:42:00 +0100.
* The reference number for this fax is vlp5_qmq10-2012091117-3372575603-03
To read received fax you need to open a file attached to this letter. It should be opened and run by double clicking on the file name. To view a file in PDF format, you need Adobe Reader, a free application distributed by Adobe Systems or any other free viewer for PDF files.
What is PDF format?
Portable Document Format (PDF) is a file format developed by Adobe Systems. PDF captures formatting information from a variety of desktop publishing applications, making it possible to send formatted documents and have them appear on the recipient’s monitor or printer as they were intended.
Change your file format!
You can change the format you receive your faxes in. Go to your Account section (link to my account) to see other file format options.
Please visit http://www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thanks for using the eFax® service!
© 2012 j2® Global Communications, Inc. All rights reserved.
eFax® is a registered trademark of j2® Global Communications, Inc.
This account is subject to the terms listed in the eFax Customer Agreement
Comment by ym — 11/9/2012 @ 6:04 pm
Hi I received an email from efax it was in junk mail but I have given out my email to some business to contact me for donations to give for a fundraiser I’m doing anyway thinking maybe it was just one of the business possibly I opened but was on my phone so it said not formatted to open but the link u have highlighted I did select and it took me to th efax FAQ page.. So is this legit I don’t have an efax acct but since it opened to the FAQ pg does that mean its a real efax and what harm can this cause my phone by opening that FAQ page? Thanks
Comment by Street — 10/23/2012 @ 7:23 pm
user in my office clicked this, trying to find out impact and cleaning instructions. Thanks in advance
Comment by r siggy — 10/23/2012 @ 10:04 am
Got one of these today, Oct 19. The links and source code showed URL “http://searchforcauses.com/WmnQq5Eq/index.html” but clicking actually went to “http://big-claw-berkut.org/links/selection_ticket-activities.php”.
Checked “searchforcauses.com” in http://www.unmaskparasites.com and got “web page is clean”. A check in “sitecheck.sucuri.net” found no malware but said the site was “Blacklisted”.
Checked “big-claw-berkut.org” in http://www.unmaskparasites.com and also got “web page is clean”. A check in “sitecheck.sucuri.net” found no malware and not “Blacklisted”.
Disappointing result since these two web sites have served me well in the past.
Clicking on the fake fax link produced a blank web page and MS Security Essentials popped up a window saying “Detected threats are being cleaned”.
Comment by Richard — 10/19/2012 @ 12:29 pm
I just received one of these. I didnt open the attachment but I clicked on the web link. Norton blocked it, thank God.
Comment by Deb — 10/19/2012 @ 11:17 am
Scam efax notification.
I received one of these Oct 9, 2012. This one has a different link than in your article so thought I’d let you know. (http://0358095.netsolhost.com/CwwGhu/index.html)
I have kept the email in case you want me to forward it to you for analysis, but it looks much the same as your example.
Good work with this site! – Dan.
Comment by Dan White — 10/9/2012 @ 11:20 pm
just found one of these in my gmail spam box.
Comment by Brent — 10/3/2012 @ 4:09 pm
damn it, i clicked on one, now what??? waiting for something, now doing a full scan, fingers crossed
Comment by Gary — 10/3/2012 @ 6:48 am
i recvd one of these today. in the source code of the email, i found the following:
“This external link will open in a new window” href=”http://keyescoverage.com/fTWjVg7K/index.html” target=”_blank”>
two new urls to put on your watch list.
thanks for the effort.
ga
Comment by greg apicella — 8/30/2012 @ 8:02 am
They’re getting more sophisticated, hope we are able to conquer this problem
Comment by David Kinlay — 8/18/2012 @ 12:04 am
IT admin here – have seen three occurrences of this today.
Comment by Capt. Speedo — 8/16/2012 @ 1:53 pm