Akankasha Dewan 17 October 2019 11:33:59 AEDT 3 MIN READ

Warning: This invoice attachment contains a phishing scam

Invoices can be very costly indeed – and not always in the traditional sense. A recent phishing invoice email scam detected by MailGuard is designed to trick victims into revealing their confidential data.

First intercepted in the early evening (AEST) of 14th October 2019, the email appears to have been sent by a single compromised email address.

Titled ‘Invoice INV# - Payment’, the email has no body, and only contains an attachment that is supposedly an invoice receipt.

Here is a screenshot of the email below:

Invoice email edited 15_10

Unsuspecting recipients who open the attachment are led to what appears as an invoice receipt that contains details of multiple payments. To ‘download’ the actual invoice, users are directed to click on a link, as per the below screenshot:

Invoice edited 15_10


Unsuspecting recipients who click on the link to download the invoice are led to a phishing page using fake Microsoft Office 365 branding:

Invoice phishing page edited 1510

This page is designed to harvest users’ login credentials.

The email in itself is not very well-designed compared to some of the more sophisticated scams we see here at MailGuard. The email has no message in its body; a red flag to anyone conscious of email security concerns. The graphics used in the later stages of the scam, however, are designed using high quality graphical elements. This is all done to boost the credibility of the phishing pages, and convince recipients that they are actually from Microsoft Office 365.

The interesting thing about this attack is that it demonstrates how easy it is for criminals to operate these sort of scams. A simple email of this kind could be based on inexpensive malware, bought through a dark web portal, and run from a phone.

MailGuard urges all cyber users to be vigilant when accessing their emails and look out for tell-tale signs of malicious emails.

Whilst MailGuard is stopping this email scam from reaching Australian businesses, we encourage all users to be extra vigilant against this kind of email and whatever happens, do not open or click them.

Phishing continues to be one of the most prevalent forms of cyber-crime. The vast majority of online scams - more than 90% - are perpetrated using email, so it’s wise to always be skeptical of messages from unfamiliar senders asking you to log into your accounts.

What to look out for

As a precaution, avoid clicking links in emails that:

  • Are not addressed to you by name, have poor English or omit personal details that a legitimate sender would include (e.g. – tracking ID).
  • Are from businesses you’re not expecting to hear from.
  • Ask you to download any files, especially with an .exe file extension.
  • Take you to a landing page or website that does not have the legitimate URL of the company the email is purporting to be sent from.

Don't get scammed

If your company’s email accounts aren’t protected, emails like the one above are almost certainly being received by your staff. Cybercriminals know people can be tricked; that’s why they send out millions of scam messages and put so much effort into making them look convincing.

People are not machines; we're all capable of making bad judgement calls. Without email filtering protecting your business, it’s just a matter of time before someone in your organisation has a momentary lapse of judgement and clicks on the wrong thing.

One email

Cybercriminals use email scams to infiltrate organisations with malware and attack them from the inside. All criminals need to break into your business is a cleverly-worded message. If they can trick one person in your company into clicking on a malicious link they can gain access to your data.

For a few dollars per staff member per month, you can protect your business with MailGuard's predictive and advanced email security.

Talk to a solution consultant at MailGuard today about securing your company's network. 


Why not stay up-to-date with MailGuard's latest blog posts by subscribing to free updates? Subscribe to weekly updates by clicking on the button below.

Keep Informed with Weekly Updates