Multifunction device phishing and malware threats

Multifunction devices: A new threat

Technology is evolving at a rapid pace, and busy organizations need to adopt more streamlined solutions in order to keep up with demand. Enter: multifunction devices. An all-in-one product that offers printing, scanning and copying services, they are a must-have for fast-moving businesses.
But with new tech comes risk. And in companies where every employee has access to multifunction devices, the risk increases exponentially. The most common issues are phishing (an attempt to deceive a user in order to gain information such as passwords and bank details) and malware (malicious software that can destroy devices and even bring down companies).
Phishing involves spoofed emails that are sent to users as if they were delivered from the printer – and I see them often in my line of work. Their goal is to obtain an employee’s information through subversive phishing tactics.
This is a common lure that doesn’t discriminate based on location, company size or industry. I advise every employee to be wary of three “warning signs” for multifunction device phishing: incorrect employee names and glaring typos in messages; a message requesting urgent action; and embedded links with forged domain names.

A solution to rising incidents

Despite multifunction device phishing gaining notoriety in the media, the number of attacks has risen in recent months. I’ve seen first-hand how phishing tactics are now advertising themselves with well-known company names to entice employees to act.
Recent phishing attacks that were reported in November 2018, for example, showed that malware was sent through emails to users in the form of PDF attachments. Using subject lines such as “Scanned from HP” and “Scanned from Epson”, as soon as the staff members opened the attachments, the attackers were able to gain access to their PCs.
From my experience, most attacks target users on a specific network, using the multifunction device as a source.
The solution is clear: protect the multifunction device against invasive attacks. But many organizations are unaware their devices are even capable of being compromised, let alone how to create barriers that protect against phishing scams and malware threats.

The key to bolstering security

So what can you do to bolster MFD security and protect your organization’s devices from phishing and malware threats?

• Educate staff: Bring employees up to speed on how multifunction devices work and the most common security threats mentioned above.
• Be vigilant: Only open emails related to the device when you are expecting them. That means only click on links when you know the person has scanned and sent a file to you, or you scanned the document on the multifunction device yourself.
• Use a high-quality multifunction device: Not every MFD is created equal, and it’s often the older models and those without built-in security measures that are easiest to penetrate.

Canon is a leading provider of secure multifunction devices for corporate use. With enhanced security encrypted hard disks across Canon MFDs, you’re protected against a range of incoming attacks. Canon’s uniFLOW print management system also employs 256-bit RSA encryption when transferring jobs across the network, which renders any attempted malware attacks ineffective.
Your organization already invests in new technology to stay ahead of the competition. But it’s equally important to invest the security to protect it.