Akankasha Dewan 01 April 2020 17:13:33 AEDT 3 MIN READ

Plain-text email containing “payment” details suspected to deliver malicious payload

MailGuard has intercepted a new email scam masquerading as a new ‘payment’ invoice notification.

Interestingly, there are multiple variations of this email scam. Almost every variation uses a unique subject line, with a different display name and sending address. In some cases, the display name used in the emails is identical to the sending address. In addition, almost all the plain-text emails contain a unique attachment in the form of a .XLS file. All variations, however, contain a single line in the message body, directing recipients to “see attached”.

Here is a screenshot of the email:

[Image: Invoice scam social edited]

This attachment is suspected to be a malicious payload designed to infect systems. MailGuard advises all recipients of this email to delete it immediately without opening any attachments. 

Cybercriminals behind this scam attempt to evade detection by using subject lines and display names that are unique to almost every email. However, the email itself is not very well designed compared to some of the more sophisticated scams we see here at MailGuard. The email doesn’t address the recipient directly and has almost no message in its body, a red flag to anyone conscious of email security concerns.
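The traits described above (a display name identical to the sending address, a plain-text body of one line reading “see attached”, and an .XLS attachment) can be checked mechanically during mail triage. The following Python is an added example, not MailGuard's detection logic; the sample message, its addresses and the function name `triage` are constructed for illustration.

```python
from email import message_from_string, policy
from email.utils import parseaddr

# Constructed sample message (not taken from the campaign); all values are made up.
SAMPLE = """\
From: "billing@example.test" <billing@example.test>
To: staff@example.org
Subject: Payment 88213
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

see attached

--b1
Content-Type: application/vnd.ms-excel
Content-Disposition: attachment; filename="invoice_88213.xls"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

def triage(raw: str) -> list[str]:
    """Return the traits from the write-up that this message matches."""
    msg = message_from_string(raw, policy=policy.default)
    hits = []
    # Display name that merely repeats the sending address.
    display, addr = parseaddr(str(msg.get("From", "")))
    if display and display.strip().lower() == addr.lower():
        hits.append("display_name_equals_address")
    # Plain-text only, with at most one non-empty line in the body.
    body = msg.get_body(preferencelist=("plain",))
    if body is not None and msg.get_body(preferencelist=("html",)) is None:
        lines = [ln for ln in body.get_content().splitlines() if ln.strip()]
        if len(lines) <= 1:
            hits.append("plain_text_single_line_body")
            if lines and "see attached" in lines[0].lower():
                hits.append("body_says_see_attached")
    # Legacy Excel attachment, judged by file name only (content is not inspected).
    if any((p.get_filename() or "").lower().endswith(".xls")
           for p in msg.iter_attachments()):
        hits.append("xls_attachment")
    return hits
```

Each match is a signal for quarantine or analyst review rather than a verdict, since legitimate mail can share any one of these traits.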

The interesting thing about this attack is that it demonstrates how easy it is for criminals to operate this sort of scam. A simple email of this kind could be based on inexpensive malware, bought through a dark web portal, and run from a phone.

MailGuard urges all cyber users to be vigilant when accessing their emails and look out for tell-tale signs of malicious emails.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and, whatever happens, not to open or click on it.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. a tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email is all that it takes

All that it takes to break into your business is a cleverly-worded email message. If scammers can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network.
