Fake Invoice Scam: Don't Click on JavaScript Files

Posted by Emmanuel Marshall on 18 January 2018 15:13:00 AEDT

MailGuard has detected a fake invoice email linking to JavaScript malware stored on a Zoho Docs service.

The sender display name is ‘Asset Associated Air Pty Ltd’ and the fraudsters behind this email have used fake Quickbooks branding to try and convince people it’s a legitimate message (see image above).

The objective of this kind of generic invoice scams is to get an unwary recipient to click on the view invoice button and open the linked file. The JavaScript contained in the file is a ‘dropper,’ which covertly installs a virus or trojan of some sort onto the infected computer.

Scammers use droppers to install spyware, keyloggers, worms and ransomware onto their victim’s devices.

If you see this email arrive in your inbox, delete it immediately to avoid harm to your system.


Make Your Inbox Safe

All criminals need to break into your business is a cleverly worded email. If they can trick one person in your company into clicking on a malicious link they can install malware on your computer system and gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's cloud-based email and web filtering security.

Talk to an expert at MailGuard today about making your company's network secure: click here.


Stay up-to-date with new posts on the MailGuard Blog by subscribing to free updates. Click on the button below:

Keep Informed with Weekly Updates



Topics: QuickBooks email scams Threat Update Zoho

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all