A Study in Ink

Some of the most effective phishing campaigns don’t start in war rooms or on whiteboards. They begin in quiet moments—in passing thoughts, idle observations, and flashes of curiosity. This one started at the printer.

I don’t use printers much.

It’s not that I have anything against them—I just don’t really need them. As someone who works in IT, nearly everything I interact with lives on a screen. PDFs, reports, logs, dashboards, code. Paper feels oddly foreign now. The whole business of printing things out, waiting for the warm hum of a machine, and picking up a sheet with ink still drying... it’s a ritual that belongs to a different era.

But every so often, I find myself using the office printer. And not long ago, I stood at our Xerox machine, watching it churn out some training material. I felt a bit smug, I’ll admit it. I understood how print queues worked. I’d mapped the drivers, figured out the networked tray settings. This wasn’t magic—it was predictable, logical, even elegant in a clunky sort of way.

I was just about to walk away when something crossed my mind.

What if I used this printer as the basis for a phishing campaign?

That was it. That tiny, offhand thought. But like most good pretexts, it started with observing the normal. Everyday details are where the best phishing ideas hide.

Why Printers?

Printers occupy a strange space in most organisations. They're everywhere, yet invisible. Nobody really knows how they work—but everybody expects them to work flawlessly. And when they don’t, panic ensues.

From a social engineering perspective, this is gold.

One common trick is to spoof a scan-to-email message. Something simple like:

“You have received a scanned document from Xerox WorkCentre 7845.”

With an attachment (often a PDF that links to a credential-harvesting page) and a helpful line below:

“Can’t view the document? Click here to open it in your browser.”

It’s elegant because it mirrors what employees already expect. Many companies use multifunction printers that email scans directly to inboxes. Nobody questions it.
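A defender's view of the spoofed scan notice above, as an added example that is not part of the original post: a check that flags scan-to-email style messages which did not come through the organisation's own printer relay. The mail domain, relay address and both sample messages are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed values for illustration; substitute your own environment's.
ORG_DOMAIN = "example.com"
PRINTER_RELAYS = {"10.20.0.15"}  # hosts the real MFPs submit mail through
LURE = re.compile(r"scanned document|scan from|workcentre", re.I)
BRACKET_IP = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
URL = re.compile(r"https?://[^\s\"'<>]+", re.I)

def text_of(msg):
    """Decoded text parts of a (possibly multipart) message."""
    return "\n".join(
        (p.get_payload(decode=True) or b"").decode("utf-8", "replace")
        for p in msg.walk() if p.get_content_maintype() == "text")

def scan_notice_findings(raw):
    """Return reasons a scan-to-email style message looks spoofed."""
    msg = message_from_string(raw)
    body = text_of(msg)
    if not LURE.search(msg.get("Subject", "") + "\n" + body):
        return []  # not a scan notification; out of scope
    findings = []
    domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if domain != ORG_DOMAIN:
        findings.append("sender domain is not ours")
    # Trust only the topmost Received header (stamped by our gateway); lower ones can be forged.
    hop = BRACKET_IP.search((msg.get_all("Received") or [""])[0])
    if not hop or hop.group(1) not in PRINTER_RELAYS:
        findings.append("not submitted via a known printer relay")
    for url in URL.findall(body):
        host = (urlparse(url).hostname or "").lower()
        if host != ORG_DOMAIN and not host.endswith("." + ORG_DOMAIN):
            findings.append("links to external host " + host)
    return findings

# Constructed sample messages (not real traffic).
SPOOFED = (
    "Received: from relay.example.net (unknown [203.0.113.7]) by mx.example.com\n"
    "From: Xerox WorkCentre 7845 <scanner@example.net>\n"
    "Subject: You have received a scanned document\n\n"
    "Can't view the document? Open it: http://docs.example.net/view\n")
GENUINE = (
    "Received: from mfp1 (mfp1 [10.20.0.15]) by mx.example.com\n"
    "From: scanner@example.com\n"
    "Subject: Scan from WorkCentre 7845\n\n"
    "Your scan is attached.\n")
```

Calling `scan_notice_findings(SPOOFED)` returns three findings, while `GENUINE` returns none; a mail gateway rule or triage script can quarantine on any non-empty result.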

But that got me thinking—how else could someone gather printer intelligence for a phishing pretext?

The Recon Call

Let’s say you want to really target a business. You need details. You want the exact printer model, maybe even the internal hostname or IP range, to tailor your spoofing more convincingly.

So you make a call. Nothing aggressive—just polite, administrative, boring.

“Hi, this is Kevin from TonerTrak Services—we handle toner and warranty tracking for HP and Xerox units across the region. We’re just updating our system and need to confirm the make and model of the device you’re using on the main floor. It’s showing up as a WorkCentre series, but we’ve had some mismatches with our older data.”

You add a slight urgency:

“Some of the older models are due a firmware patch—we just want to flag yours if it’s affected.”

That’s it.

Nine times out of ten, someone gives you the model, sometimes even the serial number. Occasionally, they’ll walk over to the printer and read off the display.

And just like that, you’ve got the information you need to craft a much more believable phishing email.

From Thought to Threat

This wasn’t a campaign I planned. It was a passing moment while waiting for a page to print. But that’s often where the best ideas begin—not in the lab, but in the hallway, in the breakroom, in the quiet observations of how people interact with machines they don’t fully understand.

The takeaway? It doesn’t take a complex exploit to trick someone. Just a believable story, built on familiar ground. And printers—mundane, ubiquitous, forgotten—offer exactly that.

So the next time you’re at the printer, waiting for your pages, ask yourself:

What would an attacker notice here that no one else does?

🔥 Tooling Roundup

Some interesting tools to experiment with:
  • Shodan
    • What it does: Searches internet-connected devices.
    • Why it's useful: You can look for exposed printers by make and model, get firmware versions, and even find misconfigured scan-to-email portals.
    • Website: https://www.shodan.io

  • Phishery
    • What it does: Creates Word documents that ask for credentials via HTTP Basic Auth.
    • Why it's useful: Perfect for embedding in a spoofed "scanned PDF" that tricks users into entering login details.
    • GitHub: https://github.com/ryhanson/phishery

Did You Know? Back in the late 1980s, a Dutch programmer named Guido van Rossum was stuck at home over the holidays with a side project and a big idea. He wanted to create a new scripting language that was as powerful as the big boys but as simple and readable as plain English. While working on it, he was also reading scripts from the British comedy group Monty Python—and just like that, the name Python stuck.

Till next time,

John

Disclaimer: All of the above tools should only be used in controlled, ethical environments — such as red team engagements, security testing, or awareness training. Using these tools without permission is illegal and unethical. Just so you know.