You have a new Fax!

When was the last time you received a fax? Possibly never. But, it might surprise some of you to know that millions of faxes get sent every day. In Germany, Japan and the US especially, they are alive and well, if not so much here in the UK. But how are they used in Phishing?

Phishing is not a specifically email related nuisance. SMS is another widely used approach (known as Smishing), but any medium can be used. It can be anything that targets stealing of personal information or money (the former only obtained in order to get the latter).

Here we’re looking at email, rather than faxes per se. But with the digitisation of services, both voicemail and faxes are now increasingly being delivered digitally as email attachments. Over the last year in particular, previously office bound workers started working from home, and as a result the use of hosted phone services saw a huge rise.

Phishing has followed this trend, and now one of the most common approaches that we’re seeing reported that gets through to the inbox is that of a received Fax.

Phishing email alerting to new fax messages

The above is a good example, though as usual, once you look closely there are several give-aways that it’s not real.

Webpage as an attachment

Very common these days is the replacement of a PDF or Word document as an attachment (both of which were often used to hide the links that take you to the phishing site rather than placing them in the message body) with an HTM/HTML file. In the example it’s Edge, but it could show up as Chrome or Firefox, depending on your default browser. 

What’s different about this is that the attachment contains code that runs a script on your computer. The attachment is a file, and if we save it and open it (securely of course, because we’re suspicious) we can see that it’s opened a web page but the URL is the location of that folder, not a website.

Fake Microsoft Office 365 sign in page

This example has other odd attributes. The page is mocked up to look like a Word document (why would a fax open as a Word Doc?) with the background blurred and a Microsoft sign in prompt overlaid on top. It’s not uncommon for the page to look like a standard Office 365 sign in page, or even your own company branded logon portal. Your email address is embedded in the script (I’ve changed it in the example) and it can even pull your custom office 365 sign in page background down making it look like your company portal.

You can enter a password, but no other buttons work.

Fake Microsoft Office 365 sign in page

As usual, if you try to sign in, it doesn’t work. It may then take you to the real Microsoft sign in web page after that, mainly to alleviate suspicion that this was a scam all along, and make you think there’s something wrong with the sign in.

Fake Microsoft Office 365 sign in page incorrect password

What else can we see?

There are other signs and inconsistencies which are often present that you can always look for.

  • Do you know the sender? Usually not.
  • Are you expecting a fax from anyone?
  • If it’s a voicemail, have you seen any missed calls? It is delivered in the same way your voicemail is normally delivered?
  • Does the message body fit the subject and the rest of the message?
  • If you click on the link or attachment (and really, you shouldn’t unless you are using a secure browser) does the page look like you would expect?

All this and more can reveal whether it’s a legitimate email or not. Often when receiving dodgy emails from unknown senders, we get a feeling that something is not right. The best action to take is to be extra cautious. Check with your IT department or, if it looks like it might be real and you just want to be sure, follow up independently by searching for the sender company online (not by clicking the link in the email) and give them a call to verify if they really did send it.

Like this article?

Share on twitter
Share on Twitter
Share on linkedin
Share on LinkedIn
Share on email
Share by Email

Subscribe to our monthly newsletter

Get the best IT tips and Office ideas in your inbox

Further reading

Chapter 3: DNS and Domains

In this excerpt from Ciaran’s upcoming White Paper ‘The Mail Must Get Through’ on email deliverability, we examine one of the core underlying features of the internet, DNS and Domains.

Read More »

How To Selectively Sync Folders In OneDrive And SharePoint

Syncing your OneDrive and SharePoint content to your PC is a useful way of accessing your data in the familiar Windows Explorer (or Mac Finder) view. It’s also a great way to work on items offline as you can sync in advance of travelling. But, there is a cost in terms of the background processing, especially if you have a large number of items in your OneDrive or SharePoint libraries.

Read More »
Scroll to Top