Attack Vector Recycling?

I received a fax today. Now, that may not be worthy of noting on here, apart from the fact that I hardly ever receive faxes these days. But the interesting fact is that it was sent to my US-based fax number and offered me a great deal on a "New Health Plan" for only $89.50 per month. It provided me with a number to call to secure this wonderful deal. At the bottom of the fax it said:

"To have your number removed please go to {web site} or call toll free {phone number}. This is in response to your request for information. This is not a solicitation. This info is sent to you as a request for health insurance."

Now, what most of you would be unaware of is that I am based & live in Sydney, Australia. And I'm sure as hell I didn't request any information on a health insurance plan from the USA!

The fax looked very much like your typical email-based spam, so I was immediately suspicious. I wondered why the people behind it used faxes as the medium to send me the "offer" instead of email? I was also suspicious of the "unsubscribe" web site and the phone number provided to have my fax number removed from their contact list. So I did a bit of research on the information provided in the fax.

With the help of my esteemed colleagues Aryeh Goretsky and Pierre-Marc Bureau we were able to determine the following:

  • A check of the supplied phone numbers showed that there seems to have been questionable/unsavoury/illegal acts carried out by the people behind this so-called health insurance company, and that a number of people have been scammed by them.
  • The web site address provided to supposedly get your fax number off their call register did not seem to attempt to download any malware. But having said that, when the details for this website were checked, the details looked decidedly dodgy. The web site was very plain and simply asked the user to submit their fax number so it could be removed from their list.
  • I called the phone number that they supplied to enable my number to be removed from the list, and guess what? I got no answer!

So it would certainly appear that this is part of a well-established scam. Why did they choose to use fax-based spam instead of email-based spam? Maybe the world is so full of email-based spam these days, with sophisticated spam filters in place, and users who are becoming email spam aware, they have chosen to go back to one of the good old scamming vectors – the fax machine!

And what's the story with the contact list removing web site? While I can't prove it, I'm quite certain if you supplied your fax number to the site, somebody somewhere will add your fax number to a list of valuable confirmed and valid fax numbers for further spam attacks. And I seriously don't think these guys would actually take you off their list….

So it could be a case of if they don't get you with the scam, maybe they can still get some value out of the exercise by confirming that your fax number is valid.

This is a good example of how scammers will use any technology available to them if they think it might help them to scam you out of your money. Maybe they think that email-based spam is so common they'd go for something different, something that hasn't been associated with scams for a very long time – faxes. "Everything old is new again!"

And maybe this serves as yet another reminder about what you see on the Internet: "If something is too good to be true, it probably is!" It's always good to be wary when surfing on the 'Net.

Craig Johnston
Senior Cybercrime Research Analyst

Copyright © 2017 ESET, All Rights Reserved.