What Is an eFax Message?

eFax is an online service that allows users to send and receive faxes directly via email. Unfortunately, cybercriminals are known to target services like eFax that leverage the user’s inbox to hide advanced phishing attacks inside legitimate email content.

What Does an eFax Email Look Like?

The scammer planted an attachment inside an email disguised as a legitimate eFax message (see below). Because the email itself is expected and seemingly legitimate, it is able to bypass the Secure Email Gateway (SEG) that is “protecting” the end user’s company.

When the victim opened the email attachment, they saw a “business proposal” from a contact named Grace Mugabe (wife of a late Zimbabwean president and one of Africa’s wealthiest women). The proposal offers the victim millions of dollars in exchange for certain actions.

[Image: eFax scam email]

[Image: actual scam email (eFax)]

How Are SEGs Bypassed?

The scammer bypassed the Secure Email Gateway (SEG) because the email was sent from a legitimate service provider (“eFax”). Services like this are frequently included by security teams on their allowed email list.

Because the eFax scam is hidden in the attachment of a legitimate email, SPF (Sender Policy Framework) and DMARC (Domain-based Message Authentication, Reporting, and Conformance) authentication technologies are unable to prevent the email from reaching the target’s inbox. Both authenticate the sending domain, which is genuine here, and neither inspects the attachment.

Why the eFax Scam Works

  1. The scammers do not target a single victim. Instead, they send this scam to many people. Even if only 1% of the victims fall for the scam, they still make a profit.
  2. Solid story – the scammers sell the victim a believable story. In this case, Grace Mugabe is a real name, a wealthy woman in Africa and wife of a late president, so the story may sound real and convincing to some people.
  3. Some people are more gullible than others, and the ones who believe it is a once-in-a-lifetime opportunity may give the scammer their bank details. The criminals won’t necessarily take action immediately to steal funds from the victim. In fact, they may simply sell the victim’s info to other criminals instead.
  4. The scammers will do everything possible to gain the victim’s trust, after which they’ll pretend that there are minor roadblocks that the victim needs to help remove (paying small fees, making a small deposit in order to get access to the funds, etc.).

The Warning Signs

The average eFax user may not notice anything out of place with the phishing email because the email looks like the many eFax messages received in the past.

The warning signs start to appear when the recipient opens the attachment. Some of these warnings may include:

  • No personal note - The message seems very generic; there is no personal note anywhere in the message. For example, the scammer addresses the recipient as “Attn” and not by name, likely because they send this kind of scam to many people.
  • Poor grammar in the message - “he and he knows everything about these investment decisions.”
  • WhatsApp-only contact - The scammer wants the recipient to communicate with “Mr. Samuel Zekota,” who prefers WhatsApp communication only. You would expect someone who is planning on cooperating with you on a multi-million dollar opportunity to communicate at the very least by a phone call.
  • Too good to be true - The scammer offers a free trip to Nairobi, Kenya or Johannesburg, South Africa and a free 5-star hotel in addition to several million dollars, just for providing financial details.
  • The email address - The scammer’s address, as it shows in the attachment, seems very generic and not authentic (mgrace6250@gmail.com).
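
The following is an added example, not code from the original post or from any gateway product. It contrasts a policy that delivers mail from an allow-listed fax provider without inspection against one that always scores the attachment for the warning signs listed above. The domain `fax-service.example`, the free-mail list, the regex patterns, the threshold, and the assumption that the fax page is already plain text are all assumptions.

```python
import re
from email.message import EmailMessage

FREEMAIL = {"gmail.com", "yahoo.com", "outlook.com", "hotmail.com"}  # assumed list
ALLOW_LIST = {"fax-service.example"}  # hypothetical allow-listed fax provider

# Indicators taken from the warning signs above; the patterns are assumptions.
CHECKS = {
    "generic_salutation": lambda t: bool(re.search(r"^\s*attn\b", t, re.I | re.M)),
    "freemail_contact": lambda t: any(
        d.lower() in FREEMAIL for d in re.findall(r"[\w.+-]+@([\w-]+(?:\.[\w-]+)+)", t)),
    "whatsapp_contact": lambda t: bool(re.search(r"\bwhatsapp\b", t, re.I)),
    "large_sum": lambda t: bool(re.search(r"\bmillions?\s+(of\s+)?dollars\b", t, re.I)),
}

def attachment_text(msg):
    """Text of all attachments. Assumes the fax pages are already text;
    a real fax PDF or TIFF needs text extraction or OCR first."""
    return "\n".join(p.get_content() for p in msg.iter_attachments()
                     if p.get_content_maintype() == "text")

def indicators(msg):
    text = attachment_text(msg)
    return sorted(name for name, check in CHECKS.items() if check(text))

def hardened_policy(msg, threshold=2):
    # Sender reputation never exempts the attachment from inspection.
    return "quarantine" if len(indicators(msg)) >= threshold else "deliver"

def weak_policy(msg):
    # Allow-listed sender skips content inspection: the gap described above.
    if msg["From"].addresses[0].domain.lower() in ALLOW_LIST:
        return "deliver"
    return hardened_policy(msg)

def make_fax(body):
    """Constructed sample: a fax notification with one text attachment."""
    msg = EmailMessage()
    msg["From"] = "Fax Service <noreply@fax-service.example>"
    msg["To"] = "user@corp.example"
    msg["Subject"] = "You have received a 1 page fax"
    msg.set_content("A new fax is attached.")
    msg.add_attachment(body, filename="fax.txt")
    return msg

# Constructed samples; the scam text is modelled on the warning signs above.
SCAM = make_fax("Attn,\nI offer you several million dollars for your help.\n"
                "Contact my associate on WhatsApp only. mgrace6250@gmail.com\n")
BENIGN = make_fax("Dear Ms. Rivera,\nSigned purchase order 4471 follows.\n")
```

The scam sample is delivered by `weak_policy` and quarantined by `hardened_policy`, while the benign fax is delivered by both.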

Post by Or Malzman
July 15, 2021