Phishing: Re: Advice - Remittance 86,000 Process for Dewiride:MDT _Ref.c0670a134f064f87e93021f312960a6d

Dear Support. You have a fax document from Xerox Scanner. Pages: 2 Full scanned PDF/HTML File. Remote ID: 34455191. Advice - Remittance 86,000 Process.

Attacking email

Complete Email

From: mg@sulmed.com.br <mg@sulmed.com.br>
Subject: Re: Advice - Remittance 86,000 Process for Dewiride:MDT _Ref.c0670a134f064f87e93021f312960a6d
Attachments: ELECTRONIC RECEIPT_Dewiride.htm

Email Body

This sender has been verified from safe senders list.

New Fax Received For
support@dewiride.com

Dear Support. You have a fax document from Xerox Scanner.
Pages: 2 Full scanned PDF/HTML File.

Received: 12:49:21 PM

Date: 1/14/2025

Remote ID: 34455191

For more information on Xerox products and solutions please visit: https://www.xerox.com Workplace and Digital Pricing Solutions | Xerox

Workplace solutions, document management and digital printing techcologies to help organizations communicate, connect and work.

www.xerox.com


Red Flags

Analysis of the Email: A Phishing or Malware Attempt


  1. Suspicious Sender Address:

    • The email is sent from "mg@sulmed.com.br," which does not seem connected to Xerox or Dewiride. The sender’s domain does not align with the content or purpose of the email.
  2. Attachments:

    • The attachment name, "ELECTRONIC RECEIPT_Dewiride.htm," is concerning. .htm files can contain malicious scripts that execute when opened, potentially compromising your device.
  3. Generic Greeting:

    • The salutation "Dear Support" is impersonal and a common tactic used in phishing emails to target organizations without addressing specific individuals.
  4. Urgency and Lack of Specificity:

    • The email attempts to create a sense of urgency by referencing a "fax document" and "new fax received." However, it lacks details about the content of the document.
  5. Links to External Sites:

    • The link to the Xerox website could be legitimate but is irrelevant in this context. Scammers often include real links to mask malicious intent.
  6. Technical Errors:

    • Awkward phrasing such as "Full scanned PDF/HTML File" and misspellings such as "techcologies" detract from the email's credibility.
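
Several of the red flags above (sender domain versus the brand named in the body, an .htm attachment, a generic greeting) can be checked mechanically during mail triage. The Python sketch below is an added example, not part of the original analysis; the brand-to-domain map, the greeting list and the sample message's MIME framing are assumptions constructed for illustration.

```python
import re
from email import message_from_string

# Assumed for this sketch: brand -> legitimate sending domain, risky
# attachment extensions, and impersonal salutations. Tune for your mail flow.
BRAND_DOMAINS = {"xerox": "xerox.com"}
RISKY_EXT = (".htm", ".html")
GENERIC = re.compile(r"^\s*Dear (Support|Customer|User|Sir|Madam)\b", re.I | re.M)

# Constructed sample rebuilt from the headers and body quoted on this page;
# the MIME boundary and the attachment content are placeholders.
SAMPLE = """\
From: mg@sulmed.com.br <mg@sulmed.com.br>
Subject: Re: Advice - Remittance 86,000 Process for Dewiride:MDT
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain

Dear Support. You have a fax document from Xerox Scanner.
--b1
Content-Type: text/html
Content-Disposition: attachment; filename="ELECTRONIC RECEIPT_Dewiride.htm"

<html><!-- placeholder, not the real attachment --></html>
--b1--
"""

def sender_domain(from_header):
    """Domain of the last address in From; the display name can hold a decoy."""
    found = re.findall(r"@([A-Za-z0-9.-]+)", from_header or "")
    return found[-1].lower().rstrip(".") if found else ""

def triage(raw):
    """Return the red flags from the list above that this message trips."""
    msg = message_from_string(raw)
    domain, flags, body = sender_domain(msg["From"]), [], ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXT):
            flags.append(f"html-attachment:{name}")
        elif not name and part.get_content_type() == "text/plain":
            body += part.get_payload()
    for brand, legit in BRAND_DOMAINS.items():
        if brand in body.lower() and domain != legit and not domain.endswith("." + legit):
            flags.append(f"brand-mismatch:{brand}!={domain}")
    if GENERIC.search(body):
        flags.append("generic-greeting")
    return flags
```

Calling `triage(SAMPLE)` returns the three flags this message trips; the function only reads headers and MIME metadata and never renders or executes the attachment.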

What You Should Do

  1. Do Not Open the Attachment:

    • Avoid downloading or opening the .htm attachment, as it could contain malicious scripts or phishing attempts.
  2. Do Not Click Any Links:

    • Refrain from clicking the Xerox link in the email. Even legitimate-looking links can redirect to malicious websites.
  3. Verify Independently:

    • If you receive emails about sensitive matters like remittance or faxes, verify directly with the supposed sender using trusted contact details.
  4. Mark as Spam/Phishing:

    • Report the email as phishing in your email client to prevent further messages from this sender.
  5. Check Your System:

    • If you've already opened the attachment, run a full malware scan using reputable antivirus software.

Conclusion

This email is highly likely to be a phishing or malware scam. Do not interact with the attachment or links. Always confirm the authenticity of such emails with the purported sender or through secure, verified channels.