CIRCL has just spotted a new spam campaign that seeks to trick email users into downloading malware through messages that appear to come from addresses such as:
- printer@yourorganisationdomainname (i.e. firstname.lastname@example.org)
There has been an improvement in the techniques used to persuade users that these emails are indeed sent from the printer.
The campaign’s email messages are delivered with a .doc attachment containing macros, which generally attempt to download financial malware.
“We recommend not opening the attachment and forwarding this suspicious email directly to your IT Security department or the CIRCL team”, explains CIRCL. As a precaution, IT departments should configure their printers to send emails with a specific keyword in the subject line, which makes them distinguishable from fake emails, e.g. “Message from HR printer 7th floor”.
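One way a mail gateway or triage script could apply the subject-keyword recommendation, as an added example that is not CIRCL's code. The domain `example.org`, the `printer` mailbox, the function names and the list of Office extensions are assumptions, and the sample messages are constructed.

```python
from email import message_from_bytes
from email.message import EmailMessage
from email.utils import parseaddr

# Assumed values for this example; set them to your own printer configuration.
ORG_DOMAIN = "example.org"
PRINTER_MAILBOX = "printer"
SUBJECT_KEYWORD = "Message from HR printer 7th floor"
# Assumption: Office formats that can carry macros; the advisory names .doc.
OFFICE_EXTENSIONS = (".doc", ".docm", ".dot", ".dotm")

def classify(raw: bytes) -> str:
    """Return 'not-printer', 'expected' or 'suspicious' for one raw message."""
    msg = message_from_bytes(raw)
    _, addr = parseaddr(msg.get("From", ""))
    mailbox, _, domain = addr.lower().rpartition("@")
    if mailbox != PRINTER_MAILBOX or domain != ORG_DOMAIN:
        return "not-printer"  # rule only covers mail claiming to be the printer
    has_keyword = SUBJECT_KEYWORD.lower() in msg.get("Subject", "").lower()
    has_office_file = any(
        (part.get_filename() or "").lower().endswith(OFFICE_EXTENSIONS)
        for part in msg.walk()
    )
    # Missing keyword or an Office attachment: treat as a fake printer mail.
    return "expected" if has_keyword and not has_office_file else "suspicious"

def build_sample(sender: str, subject: str, filename: str) -> bytes:
    """Build a constructed test message (placeholder bytes, not a real sample)."""
    m = EmailMessage()
    m["From"] = sender
    m["To"] = "firstname.lastname@example.org"
    m["Subject"] = subject
    m.set_content("Scanned document attached.")
    m.add_attachment(b"placeholder", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    samples = [
        ("printer@example.org", "Scanned document", "scan_0012.doc"),
        ("printer@example.org", SUBJECT_KEYWORD + ": scan", "scan_0012.pdf"),
    ]
    for sender, subject, filename in samples:
        print(filename, "->", classify(build_sample(sender, subject, filename)))
```

Messages classified as `suspicious` are the ones to forward to the IT Security department rather than open.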
More information: https://www.circl.lu/botfree/