10 Aug 2005

Lax lured by phishing fax-backs - Sophos warns of latest internet fraud trend

Experts at SophosLabs™, Sophos's global network of virus, spyware and spam analysis centers, have warned users about a new phishing campaign which tries to get innocent computer users to fax their credit card and bank information directly to the phishers rather than visit a bogus website.

The emails, which claim to come from PayPal (the payment system used by the popular eBay auction website), tell users that someone tried to reset their password. The email urges the user to fax back information which will assist in the investigation into the alleged security breach.

The emails point to a Microsoft Word document hosted on a Polish website, which the recipient is instructed to download and complete with their bank account details (including PIN information), credit card numbers and login details before faxing back. Sophos has confirmed that the telephone number mentioned in the emails is hosting an active fax machine.

The email looks like the following:

[Image: an example of the email. The email urges you to fax confidential information to the phishers.]

"In the last few days we have seen a number of attempts by phishers to use this technique, and it's possible that some people who know that they need to be careful about entering their confidential information on a bogus website may think that completing and faxing back such a form is somehow safer," said Graham Cluley, senior technology consultant for Sophos. "It's important that no-one is lax when it comes to their internet security, and keep their critical banking and credit card details close to their chest."

[Image: The phishers urged recipients to fill in a Word document and fax back their confidential information.]

"Interestingly, the phishing gang may have made a huge blunder by including the fax number in their scam. PayPal and the authorities are sure to follow that lead when investigating this matter further," continued Cluley.

Sophos recommends companies protect themselves with a consolidated solution which can defend businesses from the threats of both spam and viruses; and that users do not open or reply to unsolicited emails.

About Sophos

More than 100 million users in 150 countries rely on Sophos as the best protection against complex threats and data loss. Sophos is committed to providing complete security solutions that are simple to deploy, manage, and use and that deliver the industry's lowest total cost of ownership. Sophos offers award-winning encryption, endpoint security, web, email, mobile and network security solutions backed by SophosLabs - a global network of threat intelligence centers.

Sophos is headquartered in Boston, US and Oxford, UK. More information is available at www.sophos.com.