Emmanuel Marshall 05 December 2017 16:00:00 AEDT

Large Scale Fake Invoice Scam Launched


This morning MailGuard detected a very large batch of scam emails with fake invoice links.

The scam emails we picked up today are linking to fake invoices with a variety of branding including ‘Russian Accent,’ ‘Capital Kitchen,’ ‘Allband Antennas,’ and many others.

Today’s incident follows a similar one yesterday which used fake ‘Bakerdays’ branding.

The screenshots below show the appearance of some of the fake invoice emails:

[Screenshot: Invoice INV-0601 from Russian Accent, shown in Mozilla Thunderbird]

[Screenshot: Invoice INV-0601 from Capital Kitchen, shown in Mozilla Thunderbird]

[Screenshot: Invoice INV-0601 from Allband Antennas, shown in Mozilla Thunderbird]


A very wide variety of brand names is being exploited by this scam. MailGuard has detected messages pretending to be from:

  • The Hopkins Group
  • Tijac Pty Ltd
  • Lms Lawyers Services
  • Catering Now
  • Allcraft Cabinet Works
  • Resolution Property Group Pty Ltd
  • Becton Property Group Limited
  • Pearce-Higgins Simon
  • OneLeap Finance
  • Fence Factory
  • Rocdon Development Pty Ltd
  • Posh Opp Shoppe
  • Red Earth Developments Australia Pty Ltd
  • Mutual Property Consultant
  • Brilliance Developments
  • J N Mousellis Civil Contractors
  • McInnes Management
  • McKinnon Cabinetmakers
  • Oxfam Shop
  • FKP Property Group
  • Jimmy Choo
  • Silk Homes
  • CT Corporate Living
  • Native Design Workshop
  • Dexus Property Group
  • Burger Martine Dr.
  • Mitchell Brandtman
  • BO Group
  • Asian Wok

Although a wide variety of brands appear in these emails and the amounts on the fake invoices change, all the messages seem to include the text ‘INV-0601’ in the subject line.

These messages appear to originate from newly registered domains, created through a Chinese registry company: intaras[dot]com; intaset[dot]com; intelts[dot]com; and intetel[dot]com.

As was the case in yesterday’s email attack, these messages contain a ‘View Invoice’ link which directs the victim to a .zip file on a compromised SharePoint account. If they download and open the .zip file, it activates JavaScript code which downloads malware to their computer.

[Screenshot: opening Invoice INV-0601.zip]

[Screenshot: Invoice INV-0601.zip]

Although MailGuard successfully intercepted these malicious email messages this morning, no other security vendors had blocked them, so there may be a lot of these scam emails landing in unprotected inboxes today.
Exercise caution if you see any messages from unfamiliar senders, especially if they include the text ‘INV-0601’ in the subject line.
Similarly, beware of messages from senders using the domains intaras[dot]com, intaset[dot]com, intelts[dot]com, or intetel[dot]com.
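
The indicators above (subject text, sender domains, and a link to a .zip file) can be checked against stored messages during mailbox triage. The following Python code is an added example, not MailGuard's detection logic; the sample messages, the `files.example` and `supplier.example` hosts, and the assumption that the ‘View Invoice’ link is an http(s) URL ending in .zip are all constructed for illustration.

```python
import email
import re
from email import policy
from email.utils import parseaddr

def refang(s):
    return s.replace("[dot]", ".")

# Indicators as published in the advisory (domains kept defanged in source).
SUBJECT_MARKER = "INV-0601"
SENDER_DOMAINS = {refang(d) for d in (
    "intaras[dot]com", "intaset[dot]com", "intelts[dot]com", "intetel[dot]com")}
# Assumption: the 'View Invoice' link is an http(s) URL ending in .zip.
ZIP_LINK = re.compile(r"https?://[^\s\"'<>]+\.zip\b", re.IGNORECASE)

def triage(raw):
    """Return the advisory indicators matched by one raw RFC 5322 message."""
    msg = email.message_from_string(raw, policy=policy.default)
    hits = []
    # policy.default decodes RFC 2047 encoded-words, so a subject written
    # as 'INV=2D0601' is compared in its decoded form.
    if SUBJECT_MARKER in str(msg.get("Subject", "")).upper():
        hits.append("subject")
    domain = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if any(domain == d or domain.endswith("." + d) for d in SENDER_DOMAINS):
        hits.append("sender-domain")
    text = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            try:
                text.append(part.get_content())
            except LookupError:  # unknown charset: skip this part
                pass
    if ZIP_LINK.search("\n".join(text)):
        hits.append("zip-link")
    return hits

# Constructed sample messages (not taken from the campaign).
SAMPLES = {
    "scam-like": "From: Accounts <billing@" + refang("intaset[dot]com") + ">\n"
                 "Subject: =?utf-8?q?Invoice_INV=2D0601_from_Example_Co?=\n\n"
                 "View Invoice: https://files.example/Invoice%20INV-0601.zip\n",
    "benign": "From: Accounts <accounts@supplier.example>\n"
              "Subject: Invoice INV-0733\n\n"
              "Statement: https://supplier.example/inv-0733.pdf\n",
}

if __name__ == "__main__":
    for name, raw in SAMPLES.items():
        print(name, triage(raw))
```

A message matching only one indicator deserves a closer look rather than automatic blocking, since a legitimate invoice could carry the same number.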


Criminal-intent email of this type can be extremely damaging. JavaScript payloads like the one these messages link to can do many things, from installing malware or spyware on computers to encrypting files and locking hard drives.

 

Protect Your Inbox


All criminals need to break into your business is a cleverly worded email; if they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.
Talk to an expert at MailGuard today about making your company's network secure.

