New incoming fax message is actually malware – be on your guard!

Computer users are warned to be on the lookout for messages in their email inbox, claiming to be an incoming fax.

But even though you may no longer regularly interact face-to-face with a fax machine, it doesn’t mean that fax machines have completely disappeared from your life.

Modern fax machines are connected to corporate networks, and you can send a fax (if you wish) just by forwarding a message to a fax gateway, or receive electronic faxes in your inbox from the outside world.

And that’s why you have to keep your eyes peeled for threats like the ones we are now seeing.

The above email claims to have been sent by an online fax service called DuoFax. However, the sender’s email address has been forged, and DuoFax has nothing to do with these messages – in many ways they are actually also victims as their brand is being tarnished by cybercriminals.

Here’s an example of a slightly different email we have seen spammed out in the same malware campaign:

Attached to the emails is a file called fax[random number].zip, which itself contains an executable file called fax01001_DIGIT[5]_.exe

Sophos security products detect the .EXE file as a Trojan horse, Troj/FakeAV-GNL.

You should always be suspicious of unsolicited emails, particularly if they contain unexpected attachments or links to websites. Online criminals are getting more and more crafty in the disguises they wear and social engineering tricks they deploy, with the intention of infecting your computer with malware.

For more information and a free security audit from LSA Systems fill in the form below.

Read the original article at Sophos Naked Security >>>