Invoice Due Scam
In this type of scam, an invoice arrives as an official-looking Word document with an invoice number attached. Oftentimes the attachment requires a password to open, which adds to its apparent authenticity. However, when such a document is opened (whether it is an Excel, PDF, or Document file), it will likely launch a hidden macro sequence that installs malware on your computer, which could encrypt your files, steal your data, or launch an email program that begins spamming all of the contacts in your address book. Always remember that most malware is installed by clicking on file attachments that THEN launch the attack.
Below is a copy of an email I received as part of an obvious phishing attempt.
There are several things to note about this email:
- First off, the From email does not match the details in the body of the email.
- It was not emailed directly to me but hidden in a BCC field, which implies it was sent to many other victims at the same time, hoping to catch a few fish with the same bait.
- Password-protected files should only be opened after you confirm that the sender is legitimate or when you were expecting in advance to receive such a file from that sender.
- Given that it has a couple of phone numbers, you could Google search these numbers to see if they look legitimate. When in doubt, call them from a blocked number or Google Hangouts so they won't trace it back to you in case it is a scammer.
- You could HOVER your mouse over the hyperlinks to see if they point at the same location as shown in the text. If they don't match, don't click! If they do match, and it doesn't look like a suspicious link, check it out to see who it might be from. In this case, the Facebook and company website links did point to the actual business pages so you could call them to ask if such an invoice was sent and why. Since I did not do any business with them, and the from email is different, it is likely a scam.
- Finally, this email was caught by my spam filter and the attachments were quarantined. I therefore did not move it back to my regular inbox or attempt to open the attachments.
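Three of the checks above (From address versus the addresses in the body, BCC delivery, and link text versus the real link target) can be automated over a saved message. The script below is an added example, not part of the original lecture; the sample message, the `triage` function, and the finding names are all made up for illustration, and the From check assumes an exact domain match.

```python
import re
from email import message_from_string, policy
from email.utils import getaddresses, parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample message (not the email from this page); every name is made up.
SAMPLE = """\
From: "Acme Billing" <j.doe@mailer.example.net>
To: "Acme Billing" <j.doe@mailer.example.net>
Subject: Invoice INV-0001 due
Content-Type: text/html; charset="utf-8"

<p>Acme Ltd, contact: billing@acme.example.com</p>
<a href="https://acme.example.com/">https://acme.example.com/</a>
<a href="http://login.example.org/pay">https://acme.example.com/pay</a>
"""

class LinkParser(HTMLParser):  # collects (href, visible text) for each <a> tag
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def triage(raw, my_address):
    msg = message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("html", "plain")).get_content()
    findings = []
    from_domain = parseaddr(msg["From"])[1].rpartition("@")[2].lower()
    body_domains = {d.lower() for d in re.findall(r"[\w.+-]+@([\w.-]+\.\w+)", body)}
    if body_domains and from_domain not in body_domains:
        findings.append("from-mismatch")  # sender domain differs from body addresses
    shown = getaddresses(msg.get_all("To", []) + msg.get_all("Cc", []))
    if my_address.lower() not in [addr.lower() for _, addr in shown]:
        findings.append("bcc-delivery")  # our address is not in To or Cc
    parser = LinkParser()
    parser.feed(body)
    for href, text in parser.links:
        if text.startswith("http") and urlparse(text).hostname != urlparse(href).hostname:
            findings.append("link-mismatch")  # shown URL and real target differ
    return findings
```

Calling `triage(SAMPLE, "me@example.org")` reports all three findings for the constructed message; a message addressed to you, from the same domain it quotes, with matching links, returns an empty list.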
By following some of these Tips & Tricks, you can easily avoid being scammed or opening fraudulent phishing emails that put your computer, your data, and your identity at risk.
If you have an experience with this or a similar type of scam, we'd love for you to share it in the comments below. Keep it clean but be specific in the details so other students can benefit from your story. If it is really good, perhaps we'll turn it into a separate lecture in your honor!