
FAX

BACKGROUND ON FAX:
Up until the mid-1980s a FAX (facsimile) machine was used due to the lack of e-mail at most locations. While the technology is still out there, it is fading due to the cost and limited availability of equipment, the cost of long-distance calls versus using an existing Internet connection, and the ease and speed of sending documents via the Internet using mainframes, servers, desktops, laptops and hand-held devices from nearly any business and many residences.  Since 2010 it is likely that at least one generation of adults may never have received a FAX.  This creates a wonderful cover for the Bad Guys to exploit.

ATTACK OVERVIEW:
The text of this attack, including spacing, is from an actual attack with the e-mail address changed to your-email-address.  Any unsolicited e-mail containing an attached ZIP file (a file ending with ".zip") should be considered high risk until you can confirm who sent it and what it contains.  These files can hide anything from a simple text message to complex, highly destructive programs, programs that steal information, or both.
ZIP files were effective for sending large files via e-mail in the early days.  Today the ability to download legitimate files from a legitimate site has significantly reduced the need for ZIP and thus reduced risks to you.  When did a software company last send you a .zip file instead of having you download the files from their web site?  Downloading is easier and safer for you, and it costs them less to make the files available to you.




      your-email-address on behalf of; 'Interfax' incoming@interfax.net [name tied to
      your e-mail address] <your-email-address>
       You have received a new fax, document 00000643417

       To:  your-email-address

       Message:  scan00000643417.zip

       New incoming fax document.

 

       Scanned fax document is attached to this email.

 

       Document name:        scan00000643417.doc

       Scan time:            9 seconds

       Quality:              500 DPI

       Scanned at:           Tue, 27 Oct 2015 07:55:22 +0300

       Sender:               Everett Keller

       Number of pages:      5

       File size:            171 Kb

 

       Thanks for using Interfax service!

 

===============


So what's happening here?

      FIRST: NEVER OPEN AN UNCONFIRMED ATTACHMENT, ESPECIALLY A .zip FILE

  1. Internet FAX?
    E-mail replaced most uses of fax machines, so why would someone send a FAX via the Internet? Because they can't get damaging computer code into your computer via a FAX machine. They present a fake FAX message as being in the .zip file, which can contain anything ... you take it on good faith that someone you don't know isn't trying to create problems and possible expenses for you.

    Apparently the Bad Guys are leveraging the good name of Interfax Communications Limited (based in Dublin, Ireland) to hide their attack from recipients.
    Dublin is in Greenwich Mean Time [GMT], which is 5 to 6 hours ahead of Memphis (our Central Standard Time [CST] vs. Central Daylight Savings Time [CDT]).  They can be e-mailed at eu@interfax.net for those interested in doing so.

  2. Your impersonal e-mail address repeatedly used creates Personalization
    Why is your e-mail information plastered at the start of the e-mail?  It gets your attention and adds some level of "personalized" communication using an impersonal e-mail address.

  3. 3 Reminders this is a FAX!
    This is misdirection to get you focused on this being a fax and not an attack against you.

  4. Repeated Use of Same Number creates Illusion of Legitimacy
    You see the same number for the "fax" repeated within the e-mail to build your confidence.
    The next e-mail of this type may use the same or a different number.  The scanned dates and times shown are often inserted when sending the e-mail to create the look of a legitimate message.  You see the name of the sender, the number of pages and the file size.  Do you know this person?  Why is this person sending you something "out of the blue"?  You cannot determine what the file size is without opening the .zip file, and when you do that they win and you have new problems.  Number of pages is 5?  With 1 page you may have no interest, with 19 you may put it aside, but 5 is a quick and easy read, and your curiosity is starting to rise.


  5. WHAT IF YOU ARE UNSURE?
    You notice there is no way to confirm this e-mail except to try to contact Interfax, which may not be easy.  If you do reach someone who can confirm messages sent, you may detect some frustration, as they may be dealing with other calls about this bogus e-mail being sent.
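
The warning signs described above can also be checked mechanically at a mail gateway or by an analyst. The following Python is an added example, not part of the original page: it parses a raw message, flags a .zip attachment, flags a body that advertises a different file name than the attachment, and lists the archive's member names in memory without extracting or running anything. The sample message, the example.com recipient, the member name inside the archive and the extension list are constructed assumptions; the page does not say what the real archive contained.

```python
import io
import re
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions that run code when double-clicked on Windows (assumed list, extend as needed).
RISKY_EXT = (".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".com", ".pif")

def triage(raw: bytes) -> list[str]:
    """Return findings for one raw e-mail; attachments are read in memory, never extracted."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = body.get_content() if body else ""
    claimed = re.search(r"Document name:\s*(\S+)", text)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        if not name.endswith(".zip"):
            continue
        findings.append(f"zip-attachment:{name}")
        if claimed and not claimed.group(1).lower().endswith(".zip"):
            findings.append(f"claimed-name-mismatch:{claimed.group(1)}")
        try:
            members = zipfile.ZipFile(io.BytesIO(part.get_content())).namelist()
        except zipfile.BadZipFile:
            findings.append("unreadable-zip")
            continue
        findings += [f"risky-member:{m}" for m in members if m.lower().endswith(RISKY_EXT)]
    return findings

def build_sample() -> bytes:
    """Constructed sample modelled on the message above; the ZIP member is a harmless text stub."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("scan00000643417.doc.exe", "harmless placeholder, not a program")
    m = EmailMessage()
    m["From"] = "Interfax <incoming@interfax.net>"
    m["To"] = "your-email-address@example.com"
    m["Subject"] = "You have received a new fax, document 00000643417"
    m.set_content("Scanned fax document is attached to this email.\n"
                  "Document name:        scan00000643417.doc\n")
    m.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                     filename="scan00000643417.zip")
    return m.as_bytes()

if __name__ == "__main__":
    print("\n".join(triage(build_sample())))
```

An empty result does not mean a message is safe; the rule to confirm the sender before opening any attachment still applies.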