This cluster centers on 2764 connected domains tagged as BeaverTail, Kaiji, fbf543. 645 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1132 phone numbers (7638857447, 8664372914, 2157987305) with 10266 FTC complaints; 146 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8616274 CFPB complaints; 298 email addresses (xxxxxxxxxxxxxxxxxxxxxxxx@vm...
crixerox-secondary.z15.web.core.windows.net
First seen Feb 22, 2026
- No SSL certificate
- 28 community reports from users
Campaign Intelligence
This cluster centers on 2874 connected domains tagged as QuasarRAT, StealitStealer, pw-k53mv9bc. 652 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1375 phone numbers (2157987305, 2025069230, 2028641298) with 14635 FTC complaints; 160 companies (JPMORGAN CHASE & CO., Advanced Resolution Services Inc., EVERBANK, NATIONAL ASSOCIATION) with 8680419 CFPB complaints; 299 email addresses (abuse@fb.com, ...
This cluster centers on 1486 connected domains tagged as None, keylogger. 5 of these domains have been flagged by threat intelligence feeds including Google Safe Browsing and URLhaus. The connected infrastructure includes 1364 phone numbers (3124141737, 3163966869, 8553892999) with 17909 FTC complaints; 170 companies (EQUIFAX, INC., TRANSUNION INTERMEDIATE HOLDINGS, INC., BANK OF AMERICA, NATIONAL ASSOCIATION) with 8747332 CFPB complaints; 187 email addresses (xxxxxxxxxxxxxxxxxxxxxxxx@vmh5.grup...
Community Reports
"Xerox Scanned XXXXXXXXXXXX Document: Important Company Guideline Notes"

Hello! I'm an IT admin and had one of my clients send me a copy of this kind of phishing email and I'm wondering just where it may have come from. The contents are clearly a phishing scam:

"🖨️Attn: XXXXXXXXXXXX **-You have an important XXXXXXXXXXXX designated Document-** It was scanned and sent to you \[XXXXXXXXXXXX\] using a Xerox WorkCentre multifunction device on Microsoft Exchange Portal. For more XXXXXXXXXXXX-specific information as it relates to you, please visit XXXXXXXXXXXX **Retrieve Document**"

I've X'd out any emails and links that look like they would belong to my client's domain, when they clearly don't. The "please visit" link is actually something like this: "[crixerox-secondary.z15.web.core.windows.net](https://crixerox-secondary.z15.web.core.windows.net)". It takes you to a fake Outlook Web App login page.

This is what gets me:

1. At this particular client's location we've never had a Xerox printer until a week ago. Prior to that it's been all Epson and we never had emails like this.
2. I installed the Xerox printer myself and I disabled the Xerox cloud service, all the ports and protocols, except for the very necessary to get printing working in that particular location. I also installed the drivers (.INF based, not the .exe installer) myself on the workstations.
3. In addition, the whole network is firewalled completely, only allowing VPN connections from the outside with logging and all that. There's no way someone would have just scanned the network remotely.
4. I'm suspecting one of the computers might have some sort of spyware installed?

I have no other theory for why specifically a "Xerox" phishing email arrived in my client's inbox. Ideas where to look? Thank you!