A Look at Fax Phishing

I recently setup a new honeypot which appears to be an IT security related company.

In addition to a few other hidden gems, this honeypot is complete with fake contact information for the company, including email, phone, and fax.

Today I received my first hit from the honeypot - and I was very surprised when it was a phishing attempt over fax!

The Phishing Attempt sent over Fax
This fax claims to be from the company's HR department, and is addressed to all employees, and advertises a 6 day all inclusive vacation at an exotic out-of-the-country location for only $129 per person.

The old adage holds true here - if something sounds too good to be true, it probably is.

A quick search shows that the number is very commonly used in scams, as seen here and here.

Of course the dead giveaway that this is a scam is that my honeypot doesn't have an HR department, and no one actually exists in the company to send such an offer out to the honeypot's nonexistent employees.

I have a feeling this new honeypot will provide for some great entertainment. Stay tuned for more!

No comments:

Post a Comment