It’s a newer feature in a lot of businesses, and it’s handy. All-in-one printers can scan and email images to you so not everyone in the office has to have their own scanner. However, a new scam centers around the idea that someone may scan an image for you to download, but instead of an image, the email asks that you open a .zip file instead of a .jpg, .pdf, or .tiff. Since the scammers seem to be smart enough to spoof the header info, it appears as if someone in your company sent you the file.
Of course, the .zip contains malified (I made that world up. Cool, huh?) files with the .jpg or .doc file extension. That’s not good, because most enterprise security focuses on protecting the network from the exterior, not from users within the network. Just like that, you’ve infected your whole office. What can you do? Be aware of who sends you emails with attachments. Know how your office printer operates. If it sends PDFs, but you get a zip file, it’s probably not legit. If you don’t recognize the email address, forward it to your IT department with a warning that you think it’s a scam. Let them know if you did open it, so they can scan your system immediately.
Source: InfoWorld
I was picturing an All-In-One that secretly emails a CC of everything you scan to some address.
I’m sure that’s just a fake Technician badge and a “firmware upgrade” away from any office.
You made the whole world of Malified up? the whole planet?
/snark
Pingback: Noisecast Roundup 9-27-2011 | The Noisecast