© Depositphotos.com/ kentoh
Subject: ACTION REQUIRED: A document has arrived for your review/approval (Document Flow Manager)
This message is for the designated recipient only and may contain privileged, proprietary, or otherwise private information. If you have received it in error, please notify the sender immediately and delete the original. Any other use of the email by you is prohibited.
Record ID: 39AHUSGVYA7UGCR
Supplier: Link Removed]
Invoice No.: 0910162940
Document No.: 5642884532
Invoice amount: USD 9599.84
Rejection reason(s): Approval Required
Please find enclosed a record of invoice that could not be processed. We would like to ask you to assist us in resolving the noted rejection reasons.
The message uses fake record identifier's and document and invoice numbers to make its claims seem a little more believable. It also creates a fake "Supplier" web address by using the domain name in the recipient's email address. The criminals hope that at least a few recipients, confronted by what they believe is an invoice for a large sum of money, will be panicked into opening the attachment and running the .exe file.
Networking and security firm Cisco reported on an almost identical version of the malware email back in February 2013. The specified invoice amount and other details may vary in different incarnations of the scam.
Last updated: December 9, 2013