Fake invoice warning

Here is a quick blog post to warn you of targeted attempts to distribute malware by unknown and hostile persons. Over the last few weeks we have been sent numerous emails similar to the one below:

Screenshot - 28_04_2016 , 09_02_12At a first glance it looks relevant. It is addressed to me personally, it references my place of work, it has some invoicing details that could conceivably be genuine. However, alarm bells should be ringing as it is from a contact I have never heard of, the company is not relevant, the email address is not consistent with the contact name, and the email is hosted from an american cable TV/ISP company. This type of email has been dubbed a spear-phishing attack by threat researchers.

If you were to download and open the MS Word file it contains a macro which deploys a Malware payload which sniffs out data on your computer and sends it back to the command and control server. More info at:

The return of the Microsoft Word macro virus

A colleague was recently infected by malware distributed by opening a MS Word document. Whilst the infection was caught and dealt with quickly they were unfortunately a victim of online bank fraud a few weeks later which may, or may not be connected, but the timing is highly suspicious. Here is a reminder to:

  • Only open expected email attachments that come from a trusted source.
  • Don’t rely on all anti-malware software to detect viruses in email attachments as not all macro viruses are detected by antivirus software.
  • Delete any suspect emails without opening them.