Akankasha Dewan 06 April 2020 17:45:31 AEST

Email uses image designed as “remittance advice” attachment to deliver malicious payload

Don’t be too quick to believe everything you read in an email, especially if it’s been sent by someone you weren’t expecting to hear from.

Multiple inboxes are being hit by malicious emails, all masquerading as “remittance advice”. Using a display name of “Accounts”, the emails are titled “Remittance” along with a reference number. The email tells recipients to see “attached remittance advice for payment released today” and directs them to “contact finance helpdesk” if they have any queries. At the top of the email body is an image designed to look like a PDF attachment. It is titled “Remittance Advice.PDF”.

Here is a screenshot of the email:

[Image: Accounts scam social]

Unsuspecting recipients who click on the image are led to a URL which automatically downloads a file in the Java archive (.JAR) format, as shown below:

[Image: Accounts scam payload]

This is a malicious payload designed to infect systems.
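
A mail-filter heuristic for the lure described above, as an added example that is not MailGuard's code: it flags linked images labelled as a document when the message carries no real document attachment. The sample message, its example.invalid addresses and URL, and the use of the image's alt text to carry the “Remittance Advice.PDF” title are constructed assumptions.

```python
import email
from email import policy
from html.parser import HTMLParser

DOC_EXTS = (".pdf", ".doc", ".docx", ".xls", ".xlsx")  # what the image claims to be

# Constructed sample message (placeholder sender, reference number and URL).
SAMPLE = """\
From: Accounts <accounts@example.invalid>
To: user@example.invalid
Subject: Remittance REF-PLACEHOLDER
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body>
<a href="https://files.example.invalid/download"><img src="https://files.example.invalid/icon.png" alt="Remittance Advice.PDF"></a>
<p>Please see attached remittance advice for payment released today.</p>
</body></html>
"""

class LinkedImageParser(HTMLParser):
    """Collect (href, label) for every <img> nested inside an <a href=...>."""
    def __init__(self):
        super().__init__()
        self.href = None
        self.linked_images = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            self.href = a.get("href")
        elif tag == "img" and self.href:
            # The label is whatever text could make the image read as a file name.
            label = " ".join(filter(None, (a.get("alt"), a.get("title"), a.get("src"))))
            self.linked_images.append((self.href, label.lower()))

    def handle_endtag(self, tag):
        if tag == "a":
            self.href = None

def fake_attachment_links(raw_message):
    """Return link targets hidden behind images that pose as a document attachment."""
    msg = email.message_from_string(raw_message, policy=policy.default)
    real = [(p.get_filename() or "").lower() for p in msg.iter_attachments()]
    body = msg.get_body(preferencelist=("html",))
    if body is None or any(name.endswith(DOC_EXTS) for name in real):
        return []  # no HTML body, or a genuine document is attached
    parser = LinkedImageParser()
    parser.feed(body.get_content())
    return [h for h, label in parser.linked_images if any(e in label for e in DOC_EXTS)]
```

A hit is a reason to quarantine or rewrite the link for inspection, not proof of malice, since the heuristic only looks at how the image is labelled.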

Some of the subtle hints that this email is not legitimate are the lack of a personalised greeting and multiple spacing and grammatical errors.

A simple, common-sense way to spot a scam is to ask yourself if you know the sender, or if you should reasonably expect to receive an email from them. If not, or if you’re in doubt, don’t open it and don’t reply. In most cases, that advice will be sufficient, but if you work in the accounts payable department at a medium- to large-sized company, knowing the details for every vendor may not be so simple. Always exercise caution when opening email.

As a precaution, MailGuard urges you not to click links within emails that:

  • Are not addressed to you by name.
  • Appear to be from a legitimate company but use poor English, or omit personal details that a legitimate sender would include.
  • Are from businesses that you were not expecting to hear from.
  • Take you to a landing page or website that is not the legitimate URL of the company the email is purporting to be sent from. 

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
