Phishing Scam – eFax ®

Background

eFax is an online service that allows users to send and receive faxes directly via email. Cyber criminals are known to target services like eFax that leverage the user’s inbox to hide advanced phishing attacks inside of legitimate email content.

The Phish

Disguised as a legitimate eFax message (see below), the scammer planted an attachment inside the email that the victim received. Because the email itself is expected and seemingly legitimate, it is able to bypass the secure email gateway (SEG) that is “protecting” the end user’s company.

When the victim opened the email attachment, they saw a “business proposal” from a contact named Grace Mugabe (wife of a late Zimbabwean president and one of Africa’s richest women). The proposal offers the victim millions of dollars in exchange for taking some specified actions.

SEG Bypass

The scammer bypassed the Secure Email Gateway (SEG) because the email was sent from a legitimate service provider (“eFax”). Services like this are frequently included by security teams on their allowed email list.

Because the scam is hidden in the attachment of a legitimate email, SPF and DMARC authentication technologies are unable to prevent the email from reaching the target’s inbox.

Why the scam works

  1. The scammers do not target a single victim. Instead, they send this scam to many people. If even 1% of the recipients fall for the scam, the scammers still make a profit.
  2. Solid story – the scammers sell the victim a believable story. In this case, Grace Mugabe is a real person, a wealthy African woman and the wife of a late president, so the story may sound real and convincing to some people.
  3. Some people are more gullible than others, and the ones who believe it is a once-in-a-lifetime opportunity may give the scammer their bank details. The criminals won’t necessarily act immediately to steal funds from the victim. In fact, they may simply sell the victim’s information to other criminals instead.
  4. The scammers will do everything possible to gain the victim’s trust, after which they’ll pretend that there are minor roadblocks that the victim needs to help remove (paying small fees, making a small deposit in order to get access to the funds, etc.).


The Warning Signs

The average eFax user may not notice anything out of place with the phishing email because the email looks like the many fax emails received in the past.

The warning signs start to appear when the recipient opens the attachment. Some of these warning signs may include:

  1. No personal note - The message is very generic; there is no personal note anywhere in it. For example, the scammer addresses the recipient as “Attn” rather than by name, likely because they send this kind of scam to many people.
  2. Poor grammar in the message - “he and he knows everything about these investment decisions.”
  3. The scammer wants the recipient to communicate with “Mr. Samuel Zekota,” who prefers WhatsApp communication only. You would expect someone who is planning to cooperate with you on a multi-million dollar opportunity to communicate at the very least by a phone call.
  4. Too good to be true - the scammer offers a free trip to Nairobi, Kenya or Johannesburg, South Africa and a free stay in a five-star hotel, in addition to several million dollars, just for providing financial details.
  5. The email address of the scammer, as it appears in the attachment, looks generic and not authentic (mgrace6250@gmail.com).
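The two technical points above, that SPF/DMARC pass because the sending service is legitimate and that the tells only show up inside the attachment, can be turned into a simple post-gateway check. The following is an added illustration written for this page, not IRONSCALES code or any eFax component: it parses a raw MIME message with Python's standard `email` library, records that authentication passed, and then scores the attachment text against the warning signs listed above (generic greeting, WhatsApp-only contact, large sum, free travel, free-webmail reply address). The sample message, its headers, addresses and proposal text are all constructed for the example.

```python
import email
import re
from email import policy
from email.message import EmailMessage

# Free webmail providers; a multi-million dollar "proposal" that routes replies
# to one of these is a classic advance-fee tell (warning sign 5 above).
FREEMAIL_DOMAINS = {"gmail.com", "yahoo.com", "hotmail.com", "outlook.com"}

# Content indicators applied to each text part (warning signs 1, 3 and 4 above).
INDICATORS = [
    ("generic_greeting", re.compile(r"^\s*(attn|dear (sir|madam|friend|beneficiary))\b", re.I | re.M)),
    ("chat_app_only", re.compile(r"\bwhatsapp\b", re.I)),
    ("large_sum", re.compile(r"(\bmillion\b|\$\s?\d[\d,]{6,})", re.I)),
    ("travel_lure", re.compile(r"\bfree\b.*\b(trip|flight|hotel)\b", re.I)),
]
EMAIL_RE = re.compile(r"[\w.+-]+@([\w-]+\.[\w.-]+)")


def authentication_passed(msg) -> bool:
    """True when Authentication-Results reports spf=pass and dmarc=pass.

    For mail relayed by a real fax-to-email service this is expected to be True,
    which is exactly why the gateway let the message through."""
    results = " ".join(msg.get_all("Authentication-Results", [])).lower()
    return "spf=pass" in results and "dmarc=pass" in results


def text_parts(msg):
    """Yield the decoded text of the body and every text/* attachment."""
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            yield part.get_content()


def analyze(msg) -> dict:
    """Combine the authentication verdict with content indicators from the parts."""
    found = set()
    for text in text_parts(msg):
        for name, pattern in INDICATORS:
            if pattern.search(text):
                found.add(name)
        for domain in EMAIL_RE.findall(text):
            if domain.lower().rstrip(".") in FREEMAIL_DOMAINS:
                found.add("freemail_reply_address")
    return {
        "auth_passed": authentication_passed(msg),
        "indicators": sorted(found),
        # Threshold is an assumption for the example; tune it on real traffic.
        "suspicious": len(found) >= 3,
    }


def analyze_raw(raw: bytes) -> dict:
    """Entry point for a raw RFC 5322 message as read from a mailbox or gateway log."""
    return analyze(email.message_from_bytes(raw, policy=policy.default))


def build_sample(with_scam: bool = True) -> bytes:
    """Construct a fax-notification message (all values made up, not a real eFax mail).

    with_scam=True attaches an advance-fee pitch; with_scam=False attaches a benign note."""
    msg = EmailMessage()
    msg["From"] = "fax-notify@example-fax-service.test"
    msg["To"] = "recipient@example.test"
    msg["Subject"] = "You have received a new fax"
    # The gateway accepted it: SPF and DMARC pass for the sending service's domain.
    msg["Authentication-Results"] = (
        "mx.example.test; spf=pass smtp.mailfrom=example-fax-service.test; "
        "dmarc=pass header.from=example-fax-service.test"
    )
    msg.set_content("A new fax is attached to this message.")
    if with_scam:
        attachment = (
            "Attn:\n\n"
            "I am writing about a business proposal worth $25,000,000 that requires your assistance.\n"
            "Please contact my associate on WhatsApp only. Reply to scammer-example@gmail.com.\n"
            "We will arrange a free trip and hotel for you.\n"
        )
    else:
        attachment = "Your fax from 555-0100 is attached. 2 pages.\n"
    msg.add_attachment(attachment, subtype="plain", filename="fax-000123.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    print(analyze_raw(build_sample(with_scam=True)))
    print(analyze_raw(build_sample(with_scam=False)))
```

The point of the example is the combination: `auth_passed` is True for both messages, so a gateway rule that trusts authentication alone cannot distinguish them, while the attachment content separates the scam (five indicators) from the benign fax notice (none). Real attachments are usually PDF or image files rather than plain text, so a production version would add text extraction or OCR before the same scoring step.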


To learn more about IRONSCALES’ award-winning anti-phishing solution, please sign up for a demo today at https://ironscales.com/get-a-demo/.