PC410.com, Science Translations in Westminster Maryland, established 1990

Managed IT Services, PC Service and Sales in Central Maryland
Home » Rants » Infectious Fax? No, It’s a Dangerous Download

Today’s mail includes a new variation of an existing scam. A simple message, apparently coming from your own email server, reporting the arrival of a fax message. Note that it’s all super-generic; the from address is fax@ (your email domain here), and the return address is (probably random) blopez27@ (your email domain here). The download link is through Google’s goo.gl link shortening service, but other domain shorteners are likely also in use–note the reference to Dropbox in the email–OOPS!

 

FakeFax-anon
 

Don’t Do What I Did–I Am A Professional

OK, I followed the link. it led to a ZIP file, and I downloaded it. Again, don’t try this at home.
Then I opened the file. It contains one file, ‘Document-2816409172.scr’. I did NOT open that file.

A fax would typically be an image file, probably PNG or TIF or JPG format. It will not be inside a ZIP, because ZIP files compress or bundle other files, and image files are already compressed as much as they can be, so zipping them makes them slightly larger–there’s no logical reason to zip a fax image.

An SCR file is a Windows screen saver, and it can contain scripting and program code. It’s potentially very dangerous.

So, for those of you who still use 20th-Century image transmission technology, er, faxes, be advised of these facts:

  • Email services won’t receive faxes for you.
  • Fax services are branded with the name of the service provider that you pay a monthly fee to, or on corporate networks, much more information than just the domain name from your email address.
  • If you haven’t paid for a fax phone number through a paid service, any fax that arrives is anything but a fax.

OK, all of this should be obvious, but if no one is falling for the scam, then why haven’t the senders moved on to the next evil idea?