Bogus 'ISGEC Heavy Engineering' Invoice and Payment Slip Email Contains Malware
This email, which was supposedly sent by the accounts department at ISGEC Heavy Engineering, claims that you can review a Proforma Invoice for a recent purchase by opening an attached file.
The message requests that you reconfirm your bank account details so that your payment can be deposited. The email includes contact details for an accounts department staff member.
ISGEC Heavy Engineering is a real company based in India. However, the company did not send this email, and the attachment does not contain an invoice.
Instead, the attached .rar file contains a malicious .exe file that, if opened, can install malware on your computer. The exact purpose of the malware may vary. Typically, however, such malware can download and install further malware, harvest information such as passwords from the infected computer, and connect to remote servers operated by criminals.
Note that there are many variations of the emails used in this malware campaign. Alternative versions may use the names of other companies. Dates, attachment names and other details may also vary considerably.
Be very wary of any unsolicited email that claims that you can review an invoice or payment document by opening an attached file. This is a very common criminal tactic.
Subject: Re H2278/15 - INVOICE & PAYMENT SLIP/[Current Date]
With reference to our previous conversation we have attached here with your Proforma Invoice for purchase made.
You are kindly requested to reconfirm bank account details in the attached invoice for us to arrange for
deposition of your payment.
Please confirm by return mail. Please run the file to view the attachment.
Thank you and kind Regards,
Andi [Surname removed]
Sr. Engineer ( Materials)
ISGEC Heavy Engineering
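A mail filter can flag messages of this shape before a user opens them. The following is an added example, not part of the original article: it checks a raw message for the invoice/payment wording and for archive or executable attachments, identified by file signature as well as by name so that a renamed .rar is still caught. The extension lists, the wording pattern, the attachment name `invoice.rar` and the addresses are assumptions chosen for illustration, and the sample message is constructed.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

RAR_MAGIC = b"Rar!\x1a\x07"   # signature prefix shared by RAR 4.x and 5.x archives
MZ_MAGIC = b"MZ"              # first two bytes of a Windows executable
ARCHIVE_EXT = (".rar", ".zip")   # assumed list; the article names only .rar
EXEC_EXT = (".exe", ".scr")      # assumed list; the article names only .exe
LURE = re.compile(r"invoice|payment slip|run the file", re.I)  # assumed wording

def triage(raw: bytes) -> list[str]:
    """Return the reasons a raw message resembles the email described above."""
    msg = message_from_bytes(raw, policy=policy.default)
    reasons = []
    body = msg.get_body(preferencelist=("plain",))
    text = (msg["Subject"] or "") + "\n" + (body.get_content() if body else "")
    if LURE.search(text):
        reasons.append("invoice/payment lure wording")
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").lower()
        data = part.get_payload(decode=True) or b""
        # Check content first: a renamed archive still starts with its signature.
        if data.startswith(RAR_MAGIC) or name.endswith(ARCHIVE_EXT):
            reasons.append(f"archive attachment: {name}")
        if data.startswith(MZ_MAGIC) or name.endswith(EXEC_EXT):
            reasons.append(f"executable attachment: {name}")
    return reasons

def build_sample(filename: str = "invoice.rar") -> bytes:
    """Constructed test message modelled on the email quoted above."""
    m = EmailMessage()
    m["Subject"] = "Re H2278/15 - INVOICE & PAYMENT SLIP"
    m["From"] = "accounts@example.invalid"   # placeholder address
    m["To"] = "user@example.invalid"         # placeholder address
    m.set_content("Please run the file to view the attachment.")
    # Harmless bytes that only carry the RAR signature; not a real archive.
    m.add_attachment(RAR_MAGIC + b"\x00constructed", maintype="application",
                     subtype="octet-stream", filename=filename)
    return m.as_bytes()

if __name__ == "__main__":
    for reason in triage(build_sample()):
        print(reason)
```

The script does not unpack the archive, so the .exe inside is not inspected directly; an archive attached to an invoice-themed message is itself the signal to quarantine and review.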
Last updated: April 14, 2015
First published: April 14, 2015
By Brett M. Christensen