Popular coffee brand, FiveSenses, is the subject of the latest email scam. In yet another example of how cybercriminals attempt to brandjack trusted, well-known and familiar brands, the email includes a ‘Payment Advice’ in an attempt to trick coffee lovers, restaurant and café owners to investigate further.
With the subject ‘Payment Advice’ the email sender display name is disguised to appear like the legitimate email address for Orders@ FiveSenses. We have obscured the address in the email below, but to the naked eye it appears the real thing. It is actually a compromised account, not related to FiveSenses.
The email confirms that a payment has been processed and asks recipients to refer to the ‘Payment Reference’ attached. This attached file is actually a link to a malicious downloadable file, most likely a form of ransomware, designed to infect the recipient’s computer network.
Why is ransomware dangerous?
When ransomware files have been run by the email recipient or web user, the malware encrypts files on the local device and possibly the entire network.
The user or business is then held to ransom, with a Bitcoin fee usually demanded in return for the decryption key for the files.
How can I protect myself from these types of email scams?
To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
- Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
- Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors)
- Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.
For a few dollars per staff member per month, add MailGuard's cloud-based email filtering protection to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Stay up-to-date with new posts on the MailGuard Blog by subscribing to our email updates.