Researchers have recently seen an uptick in the number of spoofed email messages that look like they’re coming from network-attached printers and scanners. The messages appear to originate from Canon, HP, or Epson devices, and often include a malicious .pdf attachment. While this attack methodology isn’t particularly sophisticated, it can be effective if the right tools aren’t in place because it exploits the high level of trust that we tend to place in such devices.
The subject lines typically read something like “Scanned from Canon,” “Scanned from HP,” or “Scanned from Epson” without any further information in the body. While .doc attachments rightly raise eyebrows, we tend to think of .pdf files as being safe. But unfortunately, they often aren’t, and these files can easily be weaponized to carry malicious content like ransomware.
Print- and scan-to-email functionality has been around forever, and many of us are so used to it that we wouldn’t think twice about opening an attachment we receive. Modern email security controls have done a pretty good job of screening these attacks out, but it only takes one to cause a major problem. To protect against these attacks, confirm with the sender (if possible) or just delete the message. If the message contains a hyperlink, hover your mouse over it to see whether the link is actually going where the message says it’s going. As always, if it looks suspicious, it probably is.
If you’re not sure your business is safe from seemingly benign emails like these, let’s talk.