Don’t open attachment from printer@, scan@, fax@


CIRCL has just spotted a new spam campaign that seeks to trick email users into downloading malware through messages that appear to come from senders such as:

  • printer@yourorganisationdomainname (i.e.
  • scan@yourorganisationdomainname
  • copier@yourorganisationdomainname
  • fax@yourorganisationdomainname

There has been an improvement in the techniques used to persuade users that these emails are indeed sent from the printer.

The spam campaign’s email messages are delivered with a .doc attachment containing macros, which attempt to download malware, generally financial malware.

“We recommend not opening the attachment and forwarding this suspicious email directly to your IT Security department or the CIRCL team,” explains CIRCL. As a precaution, IT departments should configure their printers to send mail with a specific keyword in the subject, which makes genuine printer messages distinguishable from fake emails, e.g. “Message from HR printer 7th floor”.
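The subject-keyword precaution can be checked automatically at the mail gateway or in a mailbox rule. The following sketch is an added example, not CIRCL's code: it flags mail that claims a device sender at your own domain but lacks the agreed keyword, and lists any .doc attachments. `ORG_DOMAIN`, the function names and the sample messages are assumptions constructed for illustration.

```python
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr

DEVICE_LOCALPARTS = {"printer", "scan", "copier", "fax"}  # sender names from the advisory
ORG_DOMAIN = "example.org"                                # assumption: your mail domain
SUBJECT_KEYWORD = "Message from HR printer 7th floor"     # keyword example from the advisory

def classify(raw):
    """Return (verdict, doc_attachments) for one raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    # List .doc attachments, the delivery vehicle described in the advisory.
    docs = [p.get_filename() for p in msg.iter_attachments()
            if (p.get_filename() or "").lower().endswith(".doc")]
    # The From header is sender-controlled, so it only tells us what the mail claims to be.
    _, addr = parseaddr(str(msg.get("From", "")))
    local, _, domain = addr.lower().rpartition("@")
    if local not in DEVICE_LOCALPARTS or domain != ORG_DOMAIN:
        return ("not-device", docs)
    # Genuine devices are configured to put the agreed keyword in the subject.
    if SUBJECT_KEYWORD.lower() in str(msg.get("Subject", "")).lower():
        return ("device-ok", docs)
    return ("suspicious", docs)

def sample(sender, subject, filename=None):
    """Build a constructed test message (not real campaign mail)."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "user@example.org", subject
    m.set_content("Please find the scanned document attached.")
    if filename:
        m.add_attachment(b"constructed placeholder bytes", maintype="application",
                         subtype="msword", filename=filename)
    return m.as_string()

if __name__ == "__main__":
    for raw in (sample("Scanner <scan@example.org>", "Scanned document", "scan_001.doc"),
                sample("printer@example.org", "Message from HR printer 7th floor: scan", "scan.pdf"),
                sample("alice@example.org", "Lunch?")):
        print(classify(raw))
```

The keyword is only useful while it stays internal to the organisation, so treat a "device-ok" verdict as one signal among others rather than proof of origin.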
