Beware of Malicious “Passing of Your Friend” Funeral Notice Email

A fake funeral notice reporting "The passing of your friend" has been spamming email customers this month, infecting many computer with malware.

Sponsored links


The fake notice claims to be from Eubank Funeral Home, with a subject of “Passing of your friend.” The message reads:

fake eubank email

For this unprecedented event, we offer our deepest prayers of condolence and invite to you to be present at the celebration of your friends life service on Friday, January 31, 2014 that will take place at Eubank Funeral Home at 11:00 a.m.

Please find invitation and more detailed information about the farewell ceremony here.

Best wishes and prayers,

Funeral home receptionist,
Justin Powers

Sponsored Links


In the email we received, the link to the “invitation” was a zip file hosted at dev.cardiocorefitness.com. Clicking the link will download this zip file to your computer. Opening the zip file will install malicious software onto your computer. We are still determining the effects of this particular malware, although it has been suggested that it is connected to Asprox botnet.

Note that other “receptionist” names used in these emails have included Anthony Ball, Ethan Valencia, Thomas Spears, and Brandon Kelly.

Eubank Funeral Home

The fake email uses the name and color scheme of a real funeral home located in Canton, Texas. This company has been flooded with inquiries about the fake email above, and have posted a notice on their website about it:

Urgent Warning: An Email Has Been Sent Out Appearing To Come From Eubank Funeral Home. Please Do Not Open The Link As It Is SPAM And May Contain MALWARE. We Apologize For The Inconvenience. PLEASE DO NOT CALL US TO REPORT THIS. Thank You.

eubank-warningIf you receive the fake funeral invitation, you are best advised to delete it immediately, and do not click or download the file included with it.

If you already opened the attached zip file, you should run security software designed to remove malware.

Have you seen the fake funeral notice? Let us know if you have spotted any variations, or what happened if you inadvertently opened the zip file.

Variants

In March 2014, we are receiving reports that a variant of the email above claims to be from Douglass Funeral Home. We have also spotted variants claiming to be from Clearwater & Largo Funeral Home as well as Hubbell Funeral Home.

Sponsored links




48 Comments on Beware of Malicious “Passing of Your Friend” Funeral Notice Email

  1. I received an email today, from Douglass Funeral Home. It went to an email I use for various websites I visit, and not for personal use, so I’m always suspicious of “friendly” emails on that account.

  2. I just received an email today similar to the one described above. It said that the unprecedented loss of my friend has happened and asked me to join them as they celebrate their life with a date and time to the funeral home. The email title was Death Notice from the Douglass Funeral Home and contained a link in the body of the email to go view more details. Instead of clicking the link, I google searched the funeral home name and spam email and it took me here. When I went to look for the email in my inbox so I could delete it, it was no longer there. I searched all folders in my mail and nothing.

  3. I received the email from Douglas funeral, thankfully I did not open it.

  4. I just got one of these emails today, thank you for this information

  5. I’m so very grief stricken by the untimely imaginary death of our dear imaginary friend, especially on this first day of spring. Perhaps we should organize an imaginary carpool for the imaginary funeral, to save some imaginary gas (it is imaginarily expensive… oh wait… that part is painfully real).
    Your friend in imaginary sorrow,
    KD

    PS– mine was also Douglass Funeral Home

  6. I have received a number of “notices” and I’ve never opened one of them. I have been suspicious of each one of them as they do not tell me who is the friend that has departed. I have not gone to the link, and will not go to the link. These scammers are vicious, thoughtless and very sick people; death of a friend or loved one is no joking matter.

  7. I received email from Douglass funeral home. Didn’t click on it because named of deceased wasn’t mentioned. My radar went up at this point. Was signed Anthony Kerr.

  8. Lee Bartlow // March 19, 2014 at 10:25 pm // Reply

    I was notified of the passing of a friend of mine by Douglass Funeral Home, but no name was given. I live in California.
    Can you identify the name of the passing one for me. I thank you.

  9. I received this last night too. From a “douglass funeral home”. My grandmother just passed so i opened it thinking it was genuine condolence letter about my grandma. But i used my cell phone to open it, not a PC…my phone seems fine. Has anyone had issues with their phone getting infected with the virus? How would i fix it on my cell phone? Call my service provider?

  10. I got this today, but it hit my Spam folder, which I always check before deleting because sometimes legitimate emails end up in there. I am responding because I think the posters who are saying things like, “only idiots would fall for this,” etc. need to get a life and stop belittling people. These posters are mean spirited and obviously derive some sort of sadistic pleasure from attempting to make others feel stupid. Happy, compassionate people do not treat others in this manner. My hope is that they will heal from whatever painful events that happened to them in their lives that made them such hard-hearted individuals, so that they will stop trying to inflict their inner pain upon others. To all those who were victimized by this email (also perpetuated by unhappy people who derive pleasure from hurting others), I am so sorry and I hope that your attempt to remove the damage from your computers is successful. You are not “dumb, gullible, ignorant, or idiots;” you are just unlucky. Warmest regards, Robin

  11. I just received this e-mail. Good thing I did a google search before clicking any links. Mine was from “Douglass Funeral Home”, with the same message shown above, but signed from Elijah Alaya. I’m glad this is fake and that you guys have provided very thorough information! Thank you!

  12. Received this today from Douglass Funeral Home – beware! Really uncanny because it actually did list the date that my friend died.

  13. I received this numerous times. How dumb do you have to be to actually fall for this. idiots.

  14. I just received from Douglass Funeral home with receptionist Armaan Hodges. Promptly into spam mail.
    We know these are malicious spammers anything we can do to stop them?

  15. Gary Russell // March 18, 2014 at 11:03 am // Reply

    I just received a spam message from Douglass Funeral Home. Didn’t open it because I knew a funeral home message that lands in my spam folder couldn’t be legit.

  16. I received it also from “Douglass Funeral Home” at my work email address. It was caught and tagged.

  17. I too got one from Douglas Funeral Home.

  18. Jim Wilkinson // March 17, 2014 at 10:58 pm // Reply

    I just received an email from Douglass Funeral Home. Thanks for the info!

  19. I just got this email from ‘Douglass Funeral Home’.

  20. haevolution // March 2, 2014 at 6:24 am // Reply

    Wow people are dumb. Why would a funeral home want you install a file on your computer??? Do people have no common sense?

  21. have another email from hubble funeral home. downloaded the file but didnt open it. can i send(forward)you the email so you can check it out? dont know how to just send the file thanks

  22. Seriously only a dumb person would fall for this.
    How the hell did the funeral home get your private email; if you really knew someone in this situation and they really were your friend or relative they would know how to reach you not have a third-party contact you email you.
    Scammers and spammers love the ignorant and gullible.

    • Those who have recently lost a loved may tend to believe it’s real, especially if much of their recent correspondence had dealt with a funeral.

  23. I work in the funeral business, so I clicked on the link without giving it too much thought. My computer warned me against it, but I did it anyway. Something is definitely wrong. The computer runs slow, and windows explorer and other programs stop running. Can these guys get access to my personal information? Will malware removal programs work?

    • Hopefully, depending on the software and what damage may or may not have been caused by the malware. Let us know what happens.

  24. Received this email tonight from: Eubank Funeral Home . Decided to check it out before opening it. Thank you for your article.

  25. I received the notice a few days after the passing of my mother. I was shocked as cremation & a memorial service at a later date had been pre-arranged by my mother to be executed by my brother. I was at first outraged that my brother had arranged a funeral without telling me but something did not ring true. Why would the notice not come from the Funeral Home Director and include the address, name of the loved one, and a phone number? It was fishy. Unfortunately, I did hit the link but fortunately the link had been closed down by someone.

  26. Having received this email at a time when someone I know had just “lost” a close relative, yet this person did not have my email afaik, still I thought it was a weird coincidence, still, being my typical paranoid self, I thought I’d check it out just the same, glad i did. I’ve sent it on to a few of my friend’s to see if they can “suss it out”. Unfortunately I clicked send before letting them know that it was probably a scam and then after I got the message “37 emails sent” my browser crashed and I couldn’t get back into my email. Oh well, I’m sure most of them will be smart enough to check it out first. Anyhow, just prior to sending it out I’d already opened the archive file, which didn’t seem to do much anyhow, so it’s probably pretty harmless. I’ve uploaded it to a few torrent sites so that the dudes on there can check it out for me too and I’ve created a facebook page with a link for others to download it and see if they can suss it out too ! I was amazed by the response, I wasn’t expecting 100’s of thousands of people to download it, hey there you go, that’s the power of facebook for yer !! Mind you, most of the folks on there seem rather puzzled about it, and seem to think it was a genuine email, even though I placed a warning in the footer saying “this is weird, don’t open, ‘cos it surprised me !!” But many people have posted irate responses about it messing their system’s up, despite the warning. I don’t know, you try doing some good and people just moan about !! I was also thinking of going through the obituary pages for emails to send it to those who may genuinely lost someone, so that they can forward it on to everyone they know in order to warn them to ignore it !! What does everyone else think ?

    Tim N.B.D. :-|

    • They probably just send it to millions of people, hoping to hit some people who actually did lose someone recently.

  27. I received this twice now , I did open the first time, haven’t noticed anything major, phone is kinda slow but was before too, thanks for posting this tho, pretty low to send something that that , glad u are trying to let people know

  28. I just got this and clicked on the link to see the invitation and and open the zip file but the malware run message came up and i didn’t go any further, i closed it and now googling the Eubank Funeral Home to see this message. My message came from a “Jacob Ward”.

  29. Sandy Mitchell // February 8, 2014 at 7:24 am // Reply

    I checked my email on my iPhone and clicked on the HERE in the notice, thinking it was a legit invite. The name of the funeral director was “Thomas Spears.” Clicking on the link led me to a website called bapconstruction.com that had a blank screen. Here is the address of the website page: (Link removed)

  30. Just got mine this morning and knew right away something wasn’t right so I checked online to see if there was info about it and there you were! Thank you:)

  31. what do i do if i opened it on my phone?!

  32. Got this same email!

  33. I’ve gotten this 3 times in the past 3 days. Last one was today from an email in .pt, Portugal.

    As mentioned above, I always hover over the sender ID before considering opening a link in an email. Also as noted above, it struck me that “your friend” was mentioned but no name. Since my email is unrelated to my real name and very few know it, it’s highly unlikely I’d get such a notice. Guess some of the spam scammers realize that the “I’m a widow with millions I need to get out of the country” and other similar scams are too well know to get many bites these days.

  34. I just received this 2/6/14 10:15am
    I have to be honest sat here reading and re-reading and thought, no name, thinking Don’t open it and didn’t. Will report it and share on FB.

  35. People are curious and they are easy target to spams like this. I usually check the e-mail address of sender. If it doesn’t make any proper name/sense, it is suspicious already. I did google right away the bank and it was confirmed as a spam. It is always wise to check or simply no open, if you are not familiar with sender.

  36. Yes, I received this e-mail, the only difference is that the name of the receptionist was Anthony Ball.

    Luckily I did not click on the link. I noticed that the return e-mail address had “jp” at the end, and I don’t know anyone from Japan or who would be visiting Japan. Another giveaway is that the e-mail doesn’t list a specific name for the deceased, just ‘your friend’. I googled “Eubank Funeral Home” and quickly read that this e-mail is a scam, so I’ve deleted it.

  37. Sunnie Bunnie // February 5, 2014 at 2:51 pm // Reply

    I have got two already. Same as above

  38. [email protected] // February 5, 2014 at 8:13 am // Reply

    How do I get rid of it?

  39. I live in Austrelia and have 2 of these passing of a friend notices in the last month.Both came from Eubank Funeral Home and Cremation Services and I would like to know who do I report this scam to..

  40. Charles Hoefle // February 4, 2014 at 9:52 am // Reply

    I just got this email and tried to open the “here” button but it did not open. I will be running my antivirus software now.

  41. Besides assuming that the link was to malware, I noted that the return address had a Taiwan domain. The message was updated to Feb. 3, but I figured that it didn’t say who the dead friend was, and there was no way I could get to it today, I sent the message back. I figure that either the spammer got the message, or someone whose computer had been taken over did.

  42. I got the spam mail. I always hover over the sender name to see the address and the email address was suspect so I didn’t open any links/attachments. So I did a search and it was confirmed as malware.

  43. Yeah…as cautious as I usually am, this fraud got me, and now I am paying the price and trying to get rid of the malware it installed. Unfortunately, I thought that a “go back” would work, but it did not. Not sure why.

Leave a comment

Your email address will not be published.

*



5 + three =