Last Updated: 2012-08-17 23:17:01 UTC
by Guy Bruneau (Version: 3)
Chad sent us a report today that they have been receiving strange eFax messages. Users who are using eFax are receiving "spear phishing" emails.
We are looking for additional information that could help us understand if this new "spear phishing" method is widespread. If you have been receiving similar messages or have any tips on how you managed to filter this type of activity, please use our contact form, or share in the comments below.
Update 1: What we have learned so far:
- You don't need to be an eFax subscriber to receive these eFax messages via email. Anyone can be a target.
- It appears to be part of a Blackhole Exploit campaign
- The following seem to actively block the suspicious eFax messages: Symantec Enterprise Protection 11, Barracuda and Mailmarshal email gateway
- Other antispam products reported to successfully filter these eFax messages are: Postini, Proofpoint and the Google Apps spam filter
- We received a report that MessageLabs did not block these emails
ISC reader John indicated that he has filtered all Blackhole Exploit style phishing campaigns, including the eFax, FedEx, and AmEx with one simple RegEx:
Guy Bruneau IPSS Inc. gbruneau at isc dot sans dot edu