There has been an increase in invoice scam campaigns being produced by spammers. These campaigns trick you into clicking on what you presume to be an invoice link but is actually a download to a malicious file.
This file will either download malware to your computer or it will phish for information.
When you initially get a spam message – which is typically very generic in nature, the spammer aims to create a sense of urgency (claiming the invoice is past due) to get you click on their malicious link.
THINGS TO LOOK OUT FOR
If you should receive one of these emails, make sure to take note of the spelling and punctuation. More times than not, these phishing attempts have poor grammar and several misspellings.
Also, check the return email address carefully. The email may say it is from one company, but the return address may be very different – and very “phishy.”
Spammers sometimes will use a picture as the hyperlink. Keep in mind who the email is claiming to represent, and make sure the link you are about to click looks credible – i.e. a docusign link being from docusign.
The pictures you see below have used the excel icon in the first; and in the second image they make the image look blurry so you see there is content there and try to click and log in in an attempt to see it.
To help protect yourself from such spam, it is a good idea to have a spam filter in place, such as AppRiver’s SecureTide.