Emmanuel Marshall, 04 December 2017 19:30:00 AEDT

Scam: Fake Bakerdays Invoice Conceals Malware


This afternoon MailGuard intercepted a large batch of criminal-intent emails formatted to look like Bakerdays QuickBooks invoices. (See screenshot, above.)

These fake invoices are well designed, so they would not necessarily look suspicious to recipients based on their appearance. They even have a legitimate-looking sender address: andrea[at]bakerdays[dot]com

Of course, if you aren’t doing business with Bakerdays then you really wouldn’t have any reason to click on the ‘view invoice’ button, but curiosity might get the better of you, mightn’t it?

The MailGuard team clicked the link (under protected conditions of course) so they could show you what happens.

The link takes the would-be victim to a JavaScript file hosted on a compromised SharePoint account.

Our team believe that the JavaScript downloads and executes malware stored on yet another compromised SharePoint account.

[Screenshot: qb1.png]

The really suspicious thing about this email is that the ‘invoice’ file is in .zip format. Scammers routinely use .zip archives to disguise executable files. But you can see in the screenshot below that when the .zip is opened, the file type is ‘JavaScript.’

[Screenshot: qb2.png]

If in doubt, never click on links to JavaScript (.js) files. JavaScript is powerful code and can do a lot of damage when used for criminal ends.

No other security companies were detecting this threat when we first intercepted it. There are a lot of these emails going around - the MailGuard system detected thousands - so if you’re not a MailGuard client, please keep an eye out.
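The check described above (a .zip 'invoice' whose contents turn out to be a script) can be automated at a mail gateway or on a quarantine folder. The following is an added example, not MailGuard's code; the extension list, the nested-archive size limit and the sample file names are assumptions made for the illustration.

```python
import io
import zipfile
from pathlib import PurePosixPath

# Script types Windows Script Host or mshta runs on double-click (assumed blocklist).
SCRIPT_EXTENSIONS = {".js", ".jse", ".vbs", ".vbe", ".wsf", ".wsh", ".hta"}
MAX_NESTED_BYTES = 10 * 1024 * 1024  # do not unpack nested archives larger than this


def risky_members(zip_bytes, depth=2):
    """Return paths of script files in a zip, descending into nested zips."""
    try:
        archive = zipfile.ZipFile(io.BytesIO(zip_bytes))
    except zipfile.BadZipFile:
        return ["<unreadable archive>"]
    findings = []
    with archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            # Windows ignores case and trailing dots/spaces in file names.
            suffix = PurePosixPath(info.filename.rstrip(". ").lower()).suffix
            if suffix in SCRIPT_EXTENSIONS:
                findings.append(info.filename)
            elif suffix == ".zip":
                encrypted = info.flag_bits & 0x1
                if encrypted or depth == 0 or info.file_size > MAX_NESTED_BYTES:
                    findings.append(info.filename + "!<not inspected>")
                else:
                    inner = risky_members(archive.read(info), depth - 1)
                    findings.extend(f"{info.filename}!{p}" for p in inner)
    return findings


def build_zip(members):
    """Build an in-memory zip from {name: bytes}; used for the constructed samples."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in members.items():
            zf.writestr(name, data)
    return buf.getvalue()


# Constructed samples: harmless placeholder contents, names invented for the demo.
INNER = build_zip({"Invoice_12345.pdf.JS": b"// placeholder"})
SUSPECT = build_zip({"readme.txt": b"hi", "Invoice.js": b"//", "docs/inner.zip": INNER})
CLEAN = build_zip({"report.pdf": b"%PDF-"})

if __name__ == "__main__":
    print(risky_members(SUSPECT))
    print(risky_members(CLEAN))
```

Nested archives that are encrypted, too large or too deep are reported as not inspected rather than silently passed, so they can be held for manual review.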
