Hackers Spoof Office Printers in Latest Email Scam

/ Source: SecurityNewsDaily

An earlier version of this story implied that office printers could be hacked to send out malware. In fact, the emails carrying the malware only pretend to come from office printers. SecurityNewsDaily regrets the error.

See your office printer, sitting quietly over there in the corner, casually whirring to life and churning out paper? You'd never suspect it, but hackers are pretending to be that innocuous workhorse machine in order to attack on your computer.

According to the security firm Symantec, cybercriminals have begun leveraging the increased capabilities of high-tech printers to carry out attacks.

Many modern printers have their own email clients, which are used to contact users. The scammers send emails that appear to come from such printers, with subject lines such as "Fwd: Scan from a HP Officejet," and a message reading, "Attached document was scanned and sent to you using a Hewlett-Packard HP Officejet," Computerworld reported.

The emails contain what appears to be a .zip file; when opened, the file automatically drops a Trojan on the recipient's system, which enables the hackers to steal documents and other personal information from the victim's computer.

The bait emails appear to be from the company printer and often include the target's last name. This kind of personalization is a basic tenet of spear-phishing attacks, and has been deployed by criminals to penetrate the networks of major global corporations including DuPont, Google and Morgan Stanley.