Warning: ‘Proforma invoice’ email downloads a malicious payload

Posted by Akankasha Dewan on 19 July 2019 11:12:03 AEST

MailGuard has intercepted a new email scam masquerading as a ‘Proforma invoice’ notification.

First detected yesterday, the 18th of July around 10 am (AEST), it appears the email was sent from a single sender. MailGuard understands that the domain used for launching this email scam has been created ad hoc for phishing attacks.

The body of the email is in plain text and begins with the greeting “Good morning”. It advises recipients of the arrival of a “signed proforma Invoice” that will be processed for payment shortly. It asks the recipient to “confirm” the invoice and includes an attached Excel file.

Here is a screenshot of the email:

[Screenshot: ‘Proforma invoice’ email]

Unsuspecting recipients who open the attachment end up downloading malicious content designed to execute when opened.

This is not a very well-designed attack compared to some of the more sophisticated scams we see here at MailGuard.

The email itself contains grammatical errors, a red flag to anyone conscious of email security concerns. For example, the email says, ‘Kindly confirm signed proforma Invoice, we will proceed to arrange your payment accordingly’.

The above email scam is, nevertheless, a great example of how cybercriminals can leverage routine business correspondence to trick unsuspecting recipients. Even if a potential victim doesn't recognise the sender details, they might conceivably download the file to satisfy their curiosity.

MailGuard urges all cyber users to be vigilant when accessing their emails and look out for tell-tale signs of malicious emails.

How can I protect myself from these types of email scams?

To reduce the risk of being tricked by one of these scams, you should immediately delete any emails that:
• Seem suspicious and ask you to download files or click any links within an email to access your account or other information.
• Purport to be from businesses you may know and trust, yet use language that is not consistent with the way they usually write (including grammatical errors).
• Ask you to click on a link within the email body in order to access their website. If unsure, call the company/person directly and ask whether the email is legitimate.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. 
All criminals need to break into your business is a cleverly worded message. If they can trick one person in your company into clicking on a malicious link, they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive email security.
Talk to an expert at MailGuard today about making your company's network secure: click here.



Topics: Xero
