|Name||"Email Consent Letter" Malicious Emails|
|First Publish Date||12-Aug-16|
|Date of Current Status||12-Aug-16|
|Next Planned Update||22-Aug-16|
|Description||Recently, we have seen malicious emails which are “spoofing” or masquerading as originated from an official Xerox Corporation “newsletter” service which are spear-phishing campaigns. These emails contain a variety of information that makes them appear as if they come from an actual Xerox newsletter service, offering recipients the ability to opt-out of receiving future marketing emails by clicking on links that do not lead to any legitimate Xerox site.|
|What You Need To Know?||
Malicious email patterns to watch out for:|
Xerox Corporation (mailto:email@example.com)Message body may be signed at the bottom as: "Sincerely, Bonnie Howard“Sender IP:
Email Consent LetterBody:
Some words or text caption for the malicious links may be misspelled, such as “Unsuscribe” instead of “Unsubscribe”.
These emails can be blocked by mail servers and detected by many anti-virus scanners. However, some still manage to get through and you should be aware of the patterns.
|What is Xerox Doing About This?||Xerox is continuing to monitor the situation and is working with government and law enforcement agencies where appropriate.|
|Impact||Check with your IT Department to make sure they are aware of these spear-phishing campaigns. Only open scan to email files that are sent from a reliable, identifiable, and verifiable source. If you have any doubt about the origin of these or any e-mails, check with your IT Department.|
|What Should You Do?||
Turning off the software upgrade capability and cloning feature is strongly recommended until a patch is available. Only install software obtained directly from Xerox. Only clone device settings using trusted media that has been under physical control. Do not allow unauthorized persons to perform hardware maintenance on any device.
Xerox recommends that all devices be connected to a firewall or router and not directly connected to the public Internet. Make sure the administrator password is not left at the default value. Do not share the device administrator password with anyone who doesn’t have a need to know.
Patches for the 6700 will be available the week of 8/15/2016 and patches for the 7800 will be available Q4 2016.