The Spam Gallery is a series of posts that give examples of spam messages, explaining telltales signs of how they are spam.
This email is humorous to me because I used to work with someone named Magaly and I thought it was a pretty unique name. But some of the standout features of this email are:
- The FROM address is from my domain, which is a personal domain. In a corporate environment, this could be convincing, since “officejet” is the name of a print server.
- The subject says the email has been forwarded twice, but the body of the email shows no headers from previous recipients
- The email was sent at midnight.
- The “document” is not attached, but is linked. This is backwards of the spam that had the ZIP file attachment, where you would expect it to be a link. in this case, you would expect it to be attached, since the print server is usually a small network device, not a file server.
In a corporate environment, this email could be convincing. You may not know what printers/scanners are available, nor who would be sending files like this. The best clues to spot this as spam are the “fwd” tags in the subject.