MALWARE - 'Invoice Overdue Notification'
Outline'Invoice overdue' email claims that, if you do not pay the outstanding amount within 7 days, legal action will be taken to recover the money owed. You are invited to 'press a link' to view the original invoice.
© Depositphotos.com/ alexskopje
Brief AnalysisThe email is not a genuine overdue notification. Clicking the link in the message takes you to a website that contains malware. If you receive this message, do not click on any links or open any attachments that it contains.
Subject: Invoice overdue notification
We are writing to you about fact, despite previous reminders, there remains an outstanding amount of GBP 255.70 in respect of the invoice(s) contained in current email . This was due for payment on 31 August, 2014.
Our credit terms stipulate full payment within 3 days and this amount is now more than 14 days overdue. The total amount due from you is therefore GBP 355.44
If the full amount of the sum outstanding, as set above, is not paid within 7 days of the date of this email, we will have to begin legal action, without warning, for a court order requiring payment. We may also commence insolvency proceedings. Legal proceedings can take effect on any credit rating. The costs of legal proceedings and any other amounts which the court orders must also be paid in addition to the debt.
This email is being sent to you in accordance with the Practice Direction on Pre-Action Conduct (the PDPAC) contained in the Civil Procedure Rules, The court has the power to sanction your continuing failure to respond.
To view the the original invoice please press on link
We quick reaction to this email.
'Invoice Overdue' Email Threatens Legal Action if Bill Not Paid
You are advised to 'press a link' to view the original invoice.
Email is Not A Genuine Notification - Links to Malware
If you do click the link, you will be taken to a compromised website that automatically redirects to another webpage that hosts a version of the Angler Exploit Kit.
Angler EK is a malicious web application that can check your computer for outdated software that may be vulnerable to attack and exploit the vulnerabilities it finds to download and install various types of malware.
Details, such as the subject line, the amount due, and the name of the sender, may vary in different incarnations of the email.
Message Attempts to Panic Users into Clicking
Online criminals use such simple social engineering tricks constantly. While these ruses may seem transparent to more experienced computer users, many people still fall for them.
If you receive one of these bogus overdue invoice notifications, do not click any links or open any attachments included in the message.
Last updated: September 17, 2014
First published: September 17, 2014
By Brett M. Christensen