Email scam uses Google Docs to deliver malicious payload

Posted by Akankasha Dewan on 16 May 2019 16:39:47 AEST

Through minor modifications in their approach, cybercriminals are often able to develop new threat variants in an attempt to bypass existing security solutions.

MailGuard intercepted another variant of a payload email scam infiltrating Australian inboxes. They were first detected on Wednesday morning, the 15th of May (AEST).   

The plain-text emails were sent via a large number of free mail providers. Approximately half of these came from domains such as and Titled ‘Order Confirmation’, the emails informed recipients that their order is ready for shipping, and a PDF version of their order can be accessed via a Google Docs link unique to each email.

Here is a screenshot of the email:

order confirmation

Unsuspecting recipients who click on the link to the Google Docs are led to to a zip archive hosted within Google docs, as per the below screenshot:

Opening SN_6569753348.zip_652 (002)


The archive contains a malicious visual basic script designed to infect recipients’ systems.

While large-run of malicious emails is in plain-text, it does attempt to boost its legitimacy in several ways. These include the presence of an order number to make the purchase seem more credible and a call to contact the company if their order isn’t received within a specific time frame.

MailGuard urges all email users to be vigilant when accessing their inboxes, and to look out for tell-tale signs of malicious emails.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
• Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors)
• Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: Xero

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all