Bogus eFax Corporate Emails from Craigslist Carry Malware

Users are advised to beware of suspicious-looking emails

  Bogus eFax email
Cybercriminals are using a combination of social engineering tactics to trick users into opening malware-spreading emails. Avira experts have come across emails that appear to come from Craigslist, but sent via eFax Corporate.

Cybercriminals are using a combination of social engineering tactics to trick users into opening malware-spreading emails. Avira experts have come across emails that appear to come from Craigslist, but sent via eFax Corporate.

The messages, which have nothing to do with either Craigslist or eFax, inform recipients that they’ve received a 24-page fax.

However, researchers have discovered that the attachment is not a fax, but an HTML file which contains a malicious JavaScript code. When executed, the script downloads malware onto the victim’s computer.

The malicious elements are detected by Avira products as HTML/Redir.EB.8 and JS/Column.EB.18.

Bogus eFax emails have been making the rounds for quite some time now, but it appears the spam campaign is still going strong.

That’s why it’s important for users, especially those from corporate environments, to be highly cautious before opening such emails.

Comments