MailGuard is today blocking a large-scale run of email attacks aiming to implant malware with a single click.
Disguised as a reminder about an unpaid invoice from an ‘Accounts Payable’ worker, the generic email asks the recipient to arrange immediate payment of $38.50.
The email is not personally addressed to the recipient and has no contact name or company signature. The body text is the same for all recipients.
The email appears to be sent from a forged financial address. The scammers ask recipients to email an address matching the forged domain to confirm the payment has been made.
The email includes a .zip attachment that appears to be the invoice. If clicked by a curious recipient, a javascript file downloads a Trojan from a remote location on the internet.
The javascript file is obfuscated in an attempt by the scammers to evade antivirus software.
MailGuard has blocked the attack today which targeted a large volume of customers.
Why is this type of email scam dangerous?
By clicking and running the executable files, you are allowing malware to be installed in the form of a Trojan.
Trojans sit quietly in the background, taking actions not authorised by the user, such as modifying, stealing, copying or even deleting data.
This type of malware is most dangerous because the user may not notice it running in the background until they are made aware: this can be weeks or even months after the event.
How can I protect myself from these types of email scams?
To reduce the risk of being tricked by one of these scams, immediately delete any emails that seem suspicious and ask you to download files or click any links within an email to access more information.
By employing a cloud-based email and web filtering solution such as MailGuard, you’ll reduce the risk of new variants of malicious email from entering your network.
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.
