Scam: Fake Bakerdays Invoice Conceals Malware

Posted by Emmanuel Marshall on 04 December 2017 19:30:00 AEDT

This afternoon MailGuard intercepted a large batch of criminal-intent emails formatted to look like Bakerdays Quickbooks invoices. (See screenshot, above.)

These fake invoices are well designed, so they would not necessarily look suspicious to recipients based on their appearance. They even have a legitimate looking sender address: andrea[at]bakerdays[dot]com

Of course, if you aren’t doing business with Bakerdays then you really wouldn’t have any reason to click on the ‘view invoice’ button, but curiosity might get the better of you, mightn’t it?

The MailGuard team clicked the link (under protected conditions of course) so they could show you what happens.

The link takes the would-be victim to a JavaScript file hosted on a compromised SharePoint account.

Our team believe that the JavaScript downloads and executes malware stored on yet another compromised SharePoint account.


The really suspicious thing about this email is that the ‘invoice’ file is in .zip format. Scammers routinely use .zip format folders to disguise executable files. But you can see in the screenshot below that when the .zip is opened, the file type is ‘JavaScript.’


If in doubt, never click on links to JavaScript (.js) files. JavaScript is a powerful software code and can do a lot of damage when used for criminal ends.

No other security companies were detecting this threat when we first intercepted it. There are a lot of these emails going around - the MailGuard system detected thousands - so if you’re not a MailGuard client; please keep an eye out.


Protect Your Inbox

For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today about making your company's network secure: click here.

Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Cloud Email Security Cybersecurity cybercrime JavaScript malware

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all