New invoice email scam brandjacks Virtual HQ

Posted by Akankasha Dewan on 28 November 2018 16:40:02 AEDT

MailGuard has recently intercepted an invoice email scam that purports to be from Virtual Headquarters (HQ).

Formatted in HTML, the email incorporates Virtual HQ’s branding and logo to appear like a legitimate invoice notification. The email uses a display name of ‘Virtual Headquarters’ and includes one of a large number of compromised email addresses as its sending address.  

The body of the email advises recipients that a new invoice has been issued for services delivered by Virtual HQ, and payment will be automatically debited from their account.

Here is a screenshot of the email:

Virtual HQ scam

Recipients who click on the link to view the invoice are led to a blank page that MailGuard suspects leads to a phishing page or malicious file download.

Branded invoice scam emails like these are designed to generate panic among recipients, who are led to think they are about to be unfairly charged for services they have not employed. Clicking on the ‘view invoice’ button appears to be a wise move in that situation, in order to know more about the notification they have received.

Exercise caution if you see any messages from unfamiliar senders, especially if you haven’t employed their services prior to receiving the message.

This scam is very similar to other recent invoice scams, which have also targeted customers of Xero and MYOB. By brandjacking such popular companies, cybercriminals are leveraging on the well-established reputations these companies hold to trick users into thinking they are receiving legitimate notifications and therefore clicking on attached malicious links.

Secure your inbox

Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious emails, like the one above, entering your network. 

For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs:

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.

Keep Informed with Weekly Updates


^ Back to Top

Topics: Phishing email scam Cybersecurity cybercrime

Back to Blog


Something Powerful

Tell The Reader More

The headline and subheader tells us what you're offering, and the form header closes the deal. Over here you can explain why your offer is so great it's worth filling out a form for.


  • Bullets are great
  • For spelling out benefits and
  • Turning visitors into leads.

Recent Posts

Posts by Topic

see all