Sophos Cloud Optix
Computer users are warned to be on the lookout for messages in their email inbox, claiming to be an incoming fax.
I can’t remember the last time I used a fax machine.
The one which until recently sat in the corner of the Naked Security office was certainly unloved by all, only seeming to find a purpose to its sorry existence when junk faxers would trouble it with their unwanted marketing messages and spams.
(What always irritated me about junk fax was that it was *our* paper and *our* ink that was being used by the lowlife arsehats who sent them against *our* wishes).
But even though you may no longer regularly interact face-to-face with a fax machine, it doesn’t mean that fax machines have completely disappeared from your life.
Modern fax machines are connected to corporate networks, and you can send a fax (if you wish) just by forwarding a message to a fax gateway, or receive electronic faxes in your inbox from the outside world.
And that’s why you have to keep your eyes peeled for threats like the ones we are seeing this morning.
The above email claims to have been sent by an online fax service called DuoFax. However, the sender’s email address has been forged, and DuoFax has nothing to do with these messages – in many ways they are actually also victims as their brand is being tarnished by cybercriminals.
Here’s an example of a slightly different email we have seen spammed out in the same malware campaign today:
Attached to the emails is a file called fax[random number].zip, which itself contains an executable file called fax01001_DIGIT[5]_.exe
Sophos security products detect the .EXE file as a Trojan horse, Troj/FakeAV-GNL.
You should always be suspicious of unsolicited emails, particularly if they contain unexpected attachments or links to websites. Online criminals are getting more and more crafty in the disguises they wear and social engineering tricks they deploy, with the intention of infecting your computer with malware.
Image of Old fax machine courtesy of Shutterstock.
I always check the message source for spam mails I am in doubt with.
Usually a dead give away.
I can’t remember – what’s the fastest way to do this? Thanks.
My faxes come as .pdf files, not .zip files. I would hope that would be my first clue. But it probably wouldn't, especially if I were tired or distracted, so thanks for the heads-up! Also, note that the one that says it comes from an 800 # doesn't have enough digits in the originating phone number.
The latest version as of June 2014 shows the attachment with an extension of .pdf. Viewing the full email shows it is in fact a .zip
They are getting more clever every day.
I've had emails like these dropping into my inbox off and on over the last few months. There are also other, similar one's, masquerading as Xerox printer reports but, since I don't have a Xerox printer, I've ignored these as a minor irritation.
Many users will have a multi-function printer that includes a fax capability. It's very tempting to route your phone line through it in the pursuit of the extra functionality, but if you don't use it then I suggest you do as I have and remove the phone line from the printer!
I had one of these duo faxes. I deleted it without looking as I wasn't expecting a fax. Looked like spam
Fax machines are still extremely prevalent in the Healthcare industry. At the Hospice I support, we send and receive dozens of faxes every day from Doctors' offices as well as hospitals and nursing homes. Like it or not, faxes are still the most secure way to get PHI to someone.
Hank Arnold (MVP)
I received one sent from a hotmail address entitled Fax #O2n5Ji0fxsX
It was a zipped file but when I scanned it using my currrent AV Software it didn’t find anything.
I’ve deleted it just in case but cuirious as to why it passed a brief scan.
I opened one by accident on my mac….am I at risk?