These days consumers have lots of choices to send and receive fax messages. Not only we have traditional fax machines but we have the option to use online fax services as well. There are many good commercial and free services that help in sending and receiving free online faxes to and by the intended recipients and senders.
The file formats that are supported to send and receive faxes in an online environment are multiple and numerous in nature. They may include pdf, word or popular image formats, etc. This has created a trust relationship where the fax recipient has little reason to suspect the intentions and faxed material by the sender. If this is not enough, the Internet is full of unprotected and unsafe devices that are openly abused by the cyber criminals.
Cyber criminals have now started abusing the fax facility to deliver malware to the innocent receivers of such faxes. Computer users have been warned to thoroughly analyse the fax messages that they receive in their e-mail inbox as they are carrying malware.
The present day fax machines are connected to corporate networks that forward a message to a fax gateway to send faxes to others and to receive electronic faxes in your inbox from others.
Cyber criminals are sending fax messages to others with malware attached to the message. The fax is sent in the form of a zip format that carries the executable file. A careful computer user would be quick to discard such a fax message as this is generally not the format for sending or receiving fax messages.
However, many users are neither that careful nor that lucky and they download the zip format and unintentionally execute the malware. The security product has discovered the malware as a trojan horse named Troj/FakeAV-GNL.
At Perry4Law Organisation and Perry4Law’s Techno Legal Base (PTLB) we believe that it is a good cyber security best practice to safely ignore those e-mail messages that have executable attachments. Further, e-mails from strangers and carrying attachments should also be discarded.
We also believe that human beings are usually the weakest link in the security chain and social engineering is the easiest way to break into a system. The recent episode of sending malware through fax messages has proved once again that social engineering is the weakest security link in the cyber security infrastructure and we must take care of this aspect in future.