New eFax Scam Email Leads to Malicious Site

The Internet Patrol - Patrolling the Internet for You

A new eFax scam email that has just been sent out, telling you that you have a new eFax message, actually links to a malicious site being hosted at places such as http://kaskada.tym.cz and https://web.archive.org/web/20181227145952/http://isolearn.eu/. The full links, in our examples kaskada.tym[dot]cz/feHTCmSa/index.html and isolearn[dot]eu/z02NKnzs/index.html, we believe cause a malicious virus, trojan, or other software to download to your computer (although we have not confirmed this, our own tests suggest this – regardless, it is spam, and a scam, and the links that supposedly go to eFax actually all go to places such as kaskada.tym[dot]cz/feHTCmSa/index.html and isolearn[dot]eu/z02NKnzs/index.html).

The subject of the versions we’ve seen is “Corporate eFax message – 4 pages”, with a “From” address of ‘message@inbound.efax.com’. Each message has a supposed Caller ID number from which the fax supposedly originated, such as 764-625-1188 and 415-323-6414.


Each version so far also references a reference number, with each number being different, but all bearing the line “The reference number for this fax is” followed by the fake reference number.

Here are screen shots, showing that upon hovering over the supposed eFax links, it is actually revealed that the links go to the scam site. Below the screen shots is the full text of the fake mail.

efax-scam-1

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

 

efax-scam-2

From: message@inbound.efax.com
Subject: Corporate eFax message – 4 pages
Date: August 16, 2012 10:39:49 AM MDT

 

Fax Message [Caller-ID: 764-625-1188]
You have received a 4 pages fax at 2012-08-16 11:39:19 GMT.

* The reference number for this fax is min1_did01-7298321593-9852971022-71.

View this fax using your PDF reader.

Click here to view this message

Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
Thank you for using the eFax service!
Home Contact Login

2011 j2 Global Communications, Inc. All rights reserved.
eFaxŽ is a registered trademark of j2 Global Communications, Inc.
This account is subject to the terms listed in the eFaxŽ Customer Agreement.

No Paywall Here!
The Internet Patrol is and always has been free. We don't hide our articles behind a paywall, or restrict the number of articles you can read in a month if you don't give us money. That said, it does cost us money to run the site, so if something you read here was helpful or useful, won't you consider donating something to help keep the Internet Patrol free?
Click for amount options
Other Amount:
What info did you find here today?:

People also searched for edoctransfer email scam, edoctransfer, efax scam email, dse edoctransfer, efax email scam, e-faxx, fax message email scam, digitalfax delivery <inbound-digitalfax@edoctransfer com>, efax scam, edoctransfer scam

15 thoughts on “New eFax Scam Email Leads to Malicious Site

  1. Just press DELETE, and get on with your day. It’s probably “not important.”

    Don’t open the .zip of ANY email from which you don’t know the source.

    Junk, junk, junk.

  2. Received one today from “message@inbound.efax.com” :

    “eFax message from “POTS modem 2 ” – 1 page(s), Caller-ID: 1-630-226-2563″

    1. I get those all the time. I have tried to unsubscribe, I have blocked many e fax addresses, I have called e Fax and asked them to STOP (they were nasty)
      I honestly think that all this junk email is actually from e Fax. What a crap company. Never sign up with them!!!

  3. i received one today and don’t know what to do. I thouht it was a fax but it seems that it was a virus. Called Efax and they wouldn’t help (i subscribe to Efax). Not sure what to do to ensure that I am not infected. Tried running Norton but not sure if it detects this virus. Please help me if any of you have advice

    Below is the email I received.

    Fax Message [Caller-ID: 207-827-3055]
    You have received a 8 page(s) fax at Fri, 09 Nov 2012 17:42:00 +0100.

    * The reference number for this fax is vlp5_qmq10-2012091117-3372575603-03

    To read received fax you need to open a file attached to this letter. It should be opened and run by double clicking on the file name. To view a file in PDF format, you need Adobe Reader, a free application distributed by Adobe Systems or any other free viewer for PDF files.

    What is PDF format?
    Portable Document Format (PDF) is a file format developed by Adobe Systems. PDF captures formatting information from a variety of desktop publishing applications, making it possible to send formatted documents and have them appear on the recipient’s monitor or printer as they were intended.

    Change your file format!
    You can change the format you receive your faxes in. Go to your Account section (link to my account) to see other file format options.

    Please visit www.eFax.com/en/efax/twa/page/help if you have any questions regarding this message or your service.
    Thanks for using the eFax® service!

    © 2012 j2® Global Communications, Inc. All rights reserved.
    eFax® is a registered trademark of j2® Global Communications, Inc.

    This account is subject to the terms listed in the eFax Customer Agreement

  4. Hi I received an email from efax it was in junk mail but I have given out my email to some business to contact me for donations to give for a fundraiser I’m doing anyway thinking maybe it was just one of the business possibly I opened but was on my phone so it said not formatted to open but the link u have highlighted I did select and it took me to th efax FAQ page.. So is this legit I don’t have an efax acct but since it opened to the FAQ pg does that mean its a real efax and what harm can this cause my phone by opening that FAQ page? Thanks

  5. user in my office clicked this, trying to find out impact and cleaning instructions. Thanks in advance

  6. Got one of these today, Oct 19. The links and source code showed URL “http://searchforcauses.com/WmnQq5Eq/index.html” but clicking actually went to “http://big-claw-berkut.org/links/selection_ticket-activities.php”.

    Checked “searchforcauses.com” in www.unmaskparasites.com and got “web page is clean”. A check in “sitecheck.sucuri.net” found no malware but said the site was “Blacklisted”.

    Checked “big-claw-berkut.org” in www.unmaskparasites.com and also got “web page is clean”. A check in “sitecheck.sucuri.net” found no malware and not “Blacklisted”.

    Disappointing result since these two web sites have served me well in the past.

    Clicking on the fake fax link produced a blank web page and MS Security Essentials popped up a window saying “Detected threats are being cleaned”.

  7. I just received one of these. I didnt open the attachment but I clicked on the web link. Norton blocked it, thank God.

  8. Scam efax notification.
    I received one of these Oct 9, 2012. This one has a different link than in your article so thought I’d let you know. )
    I have kept the email in case you want me to forward it to you for analysis, but it looks much the same as your example.
    Good work with this site! – Dan.

  9. damn it, i clicked on one, now what??? waiting for something, now doing a full scan, fingers crossed

  10. i recvd one of these today. in the source code of the email, i found the following:

    “This external link will open in a new window” href=”http://keyescoverage.com/fTWjVg7K/index.html” target=”_blank”>
    two new urls to put on your watch list.
    thanks for the effort.

    ga

Leave a Reply

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.