Invoice Scam Alert: Malicious email mimics Invoice2Go

Posted by Akankasha Dewan on 15 April 2019 16:58:46 AEST

A new email scam impersonating the popular invoicing app, Invoice2Go is hitting Australian inboxes. Cybercriminals are sending hoax invoice notifications purporting to be from the company to users. These malicious emails were first detected by MailGuard Monday morning (AEST).  

Sent by one of several compromised accounts, the emails use a display name of 'Invoice2go'. The email advises the recipient that their ‘invoice has not been opened yet' and includes a link to view the invoice.

The link currently leads to a blank page. However, MailGuard has discovered that in some cases, the link triggers the download of a malicious file.

Here is the screenshot of this email scam:


 Some effort has gone into making this malicious email convincing enough to deceive victims; the design is decently executed as you can see in the screenshot above, with the inclusions of Invoice2Go’s branding and logo, that makes it look a lot like a genuine communication from the company. The usage of the subject ‘unopened invoice’ also creates a sense of mystery and urgency, motivating the recipient to view the invoice to see what it contains.

MailGuard urges all cyber users to be vigilant when accessing their emails and look out for tell-tale signs of malicious emails.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
• Are purporting to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors)
• Ask you to click on a link within the email body in order to access their website. If unsure call the company/person directly and ask whether the email is legitimate.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff.  Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all