eFax Email Phishing Scam

Posted on Aug 28, 2012

If you receive an email from eFax and think that there is something strange with its content, you are probably right.  I recently received a Fax Message and at first glance, everything seemed legitimate. However my curiosity got the better of me and after further review,

I noticed that there were problems with the email. I do own an eFax account but the number shown below along with the highlighted link looked a bit odd to me. I read a lot about IT security matters and I write blogs about a variety of IT support and network security topics. I can say that without reservation, it’s common to see fake phishing emails like these from reputable establishments like Bank of America, UPS, and even eFax.

Luckily, I didn’t click on the link to check the details even though this email got past our spam filter. My company uses a trusted and secure email filter, whose identity shall remain nameless for now.

Shortly thereafter, a colleague of mine sent an email to me regarding the same information, only targeted towards him. I decided to hover my mouse over the link in the email, only to see that it was directed towards another site, which was not eFax.

All the information looked pretty legitimate and fairly convincing. I have to admit that it almost had me fooled and I surely would have felt like an idiot, especially since I follow security news so closely.

Our IT support team was notified about the email and I decided to write a blog post about my recent “phishy” eFax experience. It shows that not all emails can be completely trusted, and users are still susceptible, even with a quality email spam blocker.

I receive legitimate messages from eFax on a daily basis. On the surface, this message looked normal but something was not quite right about it. The font was different and the eFax logo was a bit larger than normal. These minor “oddities” were sufficient to convince me that I should not click on the links in the message (although it was definitely a close call). It just goes to show that sometimes you  have to trust your instinct – or at least pay attention to it! If you receive an email and something looks a little bit odd, take a closer look at the link destinations to make sure that everything is ok. This might save you and your IT Support provider a lot of time. This is particularly true if the message comes from a familiar source.

Best practice dictates to be on the lookout for emails such as the one described above and to verify the destination of links contained in the email body (even if the message appears to come from a trusted source!).

Written by IT Support and IT Consulting Professionals at FedSolutions. Thanks for reading!