Phishing has become more sophisticated, and recently cybercriminals found yet another way to infiltrate your SMB customers’ networks—through scanned email attachments. That’s right, the attachment you thought was scanned by your HR representative just might be a scam.
This dangerous attack poses as an attachment from a Cannon, HP, or Epson printer/scanner, preying on victims who quickly click on attachments. In a recent Threat Spotlight, Fleming Shi, Barracuda’s senior vice president of technology, shared the details of the attack and how users can avoid becoming the next victim. Here’s his perspective on why this has been such a successful attack:
“The attackers have chosen PDF-generating devices because PDF files can be weaponized to deliver active contents which can be harmful to users. Receiving a PDF attachment in an email sent by a printer is so commonplace that many users assume the document is completely safe. From a social engineering perspective, this is exactly the response that the cybercriminals want.”
3 Things you need to know about the printer impersonation scam
While a layered security approach helps protect customers from falling victim to a phishing attack, you also need to educate your customers about recent threats. For example, here are three things you should teach them about the printer impersonation scam:
1. How the attack bypasses traditional security filters. On most of the recently discovered printer impersonation attacks, subject lines typically read “Scanned from Epson” or the brand of printer that it’s impersonating. Not only is this malicious file posing as an attachment from a trusted printer, it’s also hiding the malicious code inside the file archive—a tactic that has been allowing it to bypass traditional filters and antivirus systems.
2. How it can gain access to the system. As soon as a user clicks on the attachment, it opens a backdoor to the victim’s PC—allowing the attack to infiltrate the network and any connected systems. With access to the network, hackers can then give themselves local administrator rights and credentials to the system—and any connected networks—making this a nightmare for IT service providers.
3. How to avoid this attack. As a rule of thumb, there are a few best practices you should have in place to avoid this type of cyberthreat. This includes having a layered approach to security and keeping user education up to date. Remind customers to think before they click if they see an unexpected scanned document come through their email. Just like best practices to avoid spear phishing attempts, users should check with the individual who they believe sent the email and verify that it’s a legitimate document before proceeding. Additionally, if there’s a hyperlink, remind users to hover over the link to double check the URL before clicking.
As 2018 progresses, focus on educating your customers about security. Cybercriminals show no sign of stopping, and user education paired with the right security tools is the best defense against today’s sophisticated attacks.
Photo: Magnetic Mcc / Shutterstock.