Generic invoice email is a phishing scam

Posted by Akankasha Dewan on 22 November 2018 16:41:49 AEDT

MailGuard has intercepted a generic invoice email that leads to a phishing page. 

This email is not a very well designed attack compared to some of the more sophisticated scams we see here at MailGuard. The email is in a plain text format and contains grammatical errors; a red flag to anyone conscious of email security concerns. It directs recipients to click on an attached invoice and contains reference numbers of the invoice.  

There are 2 subjects used in this phishing email attack:

  • ‘Please overdue statement and remit payment at your earliest!’
  • ‘Incoming New-Invoice Received’

Here is a screenshot of the email with the first subject line:

1st subject line

And here is the second:

2nd subject line

Using a display name of the ‘Accounts Dept’, the body of both emails contain no text other than the signature of the compromised account. The designation mentioned in the signature is ‘Accounting Manager’.

Both emails have a .pdf file attached, which includes a link to ‘view file’.

PDF attached

This link leads to an Office 365 phishing page, requesting users to enter their email address and password to view the file.

0365 phishing pageThis invoice-related phishing scam is a good reminder of how innocent-looking, plain emails can, in fact, be malicious. As simple as they may seem, these attacks are happening all too regularly, and with devastating effect. Not only can they gain access to confidential data of individual employees and firms, they can, ultimately, inflict significant financial and reputational damage on an organisation.

Tell-tale signs of phishing scams

  • A sense of urgency
  • Bad grammar or misuse of punctuation and poor-quality or distorted graphics
  • An instruction to click a link to perform an action (hover over them to see where you’re really being directed)
  • Obscure sending addresses (for example, Hotmail, gmail, Yahoo addresses should set alarms bells ringing)

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all