“There is nothing more deceptive than an obvious [FAX].”

Sir Arthur Conan Doyle actually said “There is nothing more deceptive than an obvious fact.” in one of his Sherlock Holmes stories. In other words, perceived facts can be misleading, and we shouldn’t believe everything we see without thinking it through.

This quote is certainly true when it comes to phishing attempts. Bad guys are counting on users acting without thinking. With this said, we are seeing numerous “fax-based” scams which have been effective and require greater scrutiny and awareness. Let’s look at one such example.

IT-support-managed-services-cybersecurity-small-business-oil-gas-Midland-Texas-Fax_Phish_2.png

In this email, the scammer wants you to click on the document or link and enter your email address/password. Once they have your password, you are in trouble. With this said, there are “elementary” clues to the email’s legitimacy. Please see the following:

Notice how the email comes from an unknown email address.
Notice how the email includes a phone number in the sender and recipient fields in an attempt to make it look like a normal fax.
If one hovers over the link and document, you can see that the URL points to a strange, unknown address.
Notice how the salutation says – “Fax Mail Team”. Who are those guys?
Notice the typo in the header – no space between “FaxReceived”.

These clues all point to a phishing attempt, but the fact of the matter is that you almost assuredly will not receive an electronic fax without knowing about it in advance. Remember: When in doubt, don’t act on it. It’s simply not worth it.

Schedule a Discovery Meeting

BlogJack CohlmiaFebruary 14, 2020phishing, Cybersecurity