Debunking hoaxes and exposing scams since 2003!






Bogus 'ISGEC Heavy Engineering' Invoice and Payment Slip Email Contains Malware



This email, which was supposedly sent by the accounts department at ISGEC Heavy Engineering, claims that you can review a Proforma Invoice for a recent purchase by opening an attached file.

The message requests that you reconfirm your bank account details so that your payment can be deposited. The email includes contact details for an accounts department staff member.

ISGEC Heavy Engineering is a real company based in India. However, the company did not send this email. And the attachment does not contain an invoice.

Instead, the attached .rar file contains a malicious .exe file that - if opened - can install malware on your computer. The exact purpose of the malware may vary. Typically, however, such malware can download and install further malware, harvest information such as passwords from the infected computer, and connect to remote servers operated by criminals.

Note that there are many variations of the emails used in this malware campaign. Alternative versions may use the names of other companies. Dates, attachment names and other details may also vary considerably.

Be very wary of any unsolicited email that claims that you can review an invoice or payment document by opening an attached file. This is a very common criminal tactic.
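A mail-filter style check for the pattern described above (an invoice-themed message whose archive attachment wraps an executable), as an added example that is not part of the original article. The function names, lure terms, addresses and the stub attachment are constructed for illustration.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Leading magic bytes -> archive type; the declared filename is not trusted.
ARCHIVE_MAGIC = {b"Rar!\x1a\x07": "rar", b"PK\x03\x04": "zip"}
# Assumption: lure terms taken from the wording of the sample email on this page.
LURE_TERMS = ("invoice", "payment slip", "proforma")
EXEC_SUFFIXES = (b".exe", b".scr", b".pif")

def triage(raw: bytes) -> list[tuple[str, list[str]]]:
    """Return (attachment name, reasons) for each suspicious attachment."""
    msg = message_from_bytes(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",))
    text = f"{msg['Subject'] or ''} {body.get_content() if body is not None else ''}".lower()
    lure = any(term in text for term in LURE_TERMS)
    flagged = []
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        data = part.get_payload(decode=True) or b""
        reasons = []
        if data[:2] == b"MZ":
            reasons.append("Windows executable attached directly")
        kind = next((k for m, k in ARCHIVE_MAGIC.items() if data.startswith(m)), None)
        if kind:
            if not name.lower().endswith("." + kind):
                reasons.append(f"{kind} content under a different extension")
            # Heuristic: RAR and ZIP keep member names in clear text in their
            # headers unless header encryption is used, so a byte search finds them.
            if any(s in data.lower() for s in EXEC_SUFFIXES):
                reasons.append(f"{kind} archive holds an executable member")
        if reasons and lure:
            reasons.append("message uses invoice/payment lure wording")
        if reasons:
            flagged.append((name, reasons))
    return flagged

def constructed_sample(filename: str = "Invoice.rar") -> bytes:
    """Constructed message modelled on the example; the attachment is a stub, not a real archive."""
    msg = EmailMessage()
    msg["Subject"] = "Re H2278/15 - INVOICE & PAYMENT SLIP"
    msg["From"] = "accounts@example.com"
    msg["To"] = "user@example.org"
    msg.set_content("Please run the file to view the attachment.")
    stub = b"Rar!\x1a\x07\x00" + b"\x00" * 16 + b"Invoice.exe" + b"\x00" * 16
    msg.add_attachment(stub, maintype="application", subtype="octet-stream", filename=filename)
    return msg.as_bytes()

if __name__ == "__main__":
    for name, reasons in triage(constructed_sample()):
        print(name, "->", "; ".join(reasons))
```

The member-name search is a heuristic and misses archives with encrypted headers, so a hit is a reason to quarantine rather than proof of malware.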

   





Example

Subject: Re H2278/15 - INVOICE & PAYMENT SLIP/[Current Date]

Good morning,

With reference to our previous conversation we have attached here with your Proforma Invoice for purchase made.

You are kindly requested to reconfirm bank account details in the attached invoice for us to arrange for deposition of your payment.

Please confirm by return mail. Please run the file to view the attachment.

Thank you and kind Regards,

Accounts Department
Andi [Surname removed] Sr. Engineer ( Materials) ISGEC Heavy Engineering [Address removed] Tel [removed] Direct [removed] Fax [removed]

Fake Invoice Emails Contain Malware

Last updated: April 14, 2015
First published: April 14, 2015
By Brett M. Christensen
