MailGuard has recently intercepted an invoice email scam that purports to be from Virtual Headquarters (HQ).
Formatted in HTML, the email incorporates Virtual HQ’s branding and logo to appear like a legitimate invoice notification. The email uses a display name of ‘Virtual Headquarters’ and includes one of a large number of compromised email addresses as its sending address.
The body of the email advises recipients that a new invoice has been issued for services delivered by Virtual HQ, and payment will be automatically debited from their account.
Here is a screenshot of the email:
Recipients who click on the link to view the invoice are led to a blank page that MailGuard suspects leads to a phishing page or malicious file download.
Branded invoice scam emails like these are designed to generate panic among recipients, who are led to think they are about to be unfairly charged for services they have not employed. Clicking on the ‘view invoice’ button appears to be a wise move in that situation, in order to know more about the notification they have received.
Exercise caution if you see any messages from unfamiliar senders, especially if you haven’t employed their services prior to receiving the message.
This scam is very similar to other recent invoice scams, which have also targeted customers of Xero and MYOB. By brandjacking such popular companies, cybercriminals are leveraging on the well-established reputations these companies hold to trick users into thinking they are receiving legitimate notifications and therefore clicking on attached malicious links.
Secure your inbox
Effective cybersecurity requires a multi-layered strategy. For a few dollars per staff member per month, add MailGuard's predictive email security. You’ll significantly reduce the risk of malicious emails, like the one above, entering your network.
For a few dollars per staff member per month, add MailGuard's cloud-based email and web filtering solution to your business security. You’ll significantly reduce the risk of new variants of malicious email from entering your network. Talk to an expert at MailGuard today about your company's cybersecurity needs: firstname.lastname@example.org
Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update, or follow us on Twitter @MailGuard.