Debunking hoaxes and exposing scams since 2003!

Hoax-Slayer Logo

Fake 'Simply Carpets' Invoice Email Carries Malware


Jump To: Example    Detailed Analysis   Comments   References

Outline

Email that appears to come from a business called 'Simply Carpets of Keynsham Ltd' claims that you can view an invoice by opening an attached file. The message asks that you 'remit payment at your earliest convenience'.




Brief Analysis

Simply Carpets of Keynsham is a real business but the invoices sent in its name are not genuine. The attached file contains a malicious macro. The business notes via Twitter that their emails systems were compromised. If you receive one of these emails, do not open any attachments that it contains.

   





related Links
What's New   Top Ten   Special Features   Subscribe


Example

Subject: Invoice from simply carpets of Keynsham Ltd
Your invoice is attached.  Please remit payment at your earliest convenience.
Thank you for your business - we appreciate it very much.
Sincerely,

simply carpets of Keynsham Ltd

Detailed Analysis

'Simply Carpets' Email Claims you can View Invoice in Attachment

This email, which comes from a business called Simply Carpets of Keynsham, claims that you can view an invoice by opening an attached file.

The email requests that you pay the invoice 'at your earliest convenience'.

Invoice is Fake - Attachment Contains a Malicious Word Macro

Simply Carpets of Keynsham is a genuine business. However, the supposed invoice email is bogus.

The owner of the business has posted warnings on his Twitter account noting that the Simply Carpets email account was hacked and used to send out the scam messages.

If you open the attached Word document, you will receive a popup message asking if you wish to enable macros, supposedly to allow the document's contents to be viewed.

However, if you do enable macros (or if macros have been enabled previously), a malicious macro may then download and install a trojan. The trojan may then download and install further malware.

This attack is very similar to another recent malware campaign in which fake invoice emails claimed to be from UK Fuels.

Macro Threats Increasingly Common

A macro is a set of instructions that can be joined together as a single command as a means of automatically carrying out a specific task. Macros can increase efficiency and enhance workflows.

However, macros can also be used with malicious intent. Going back a number of years, Macro virus threats were actually quite common and most users would have been aware of them. Because later versions of Microsoft Office disabled macros by default, the threat became less prevalent.

But, criminals have now resurrected the practice. The criminals know that, because users are familiar with and trust Microsoft Word .doc files, they may be more likely to open them and enable macros as requested.

Unless you have a specific need for macros, it is wise to leave them disabled. Be very cautious of any message that claims that you must enable macros to view a document.




© Depositphotos.com/ maxkabakov


Last updated: January 13, 2015
First published: January 13, 2015
By Brett M. Christensen
About Hoax-Slayer

References
Simply Carpets - Keynsham, Bristol, U.K.
Simply Carpets Twitter - Email Scam
Simply Carpets Twitter - Account Hacked Warning
Fake UK Fuels E-Bill Message Contains Malicious Macro
Microsoft warns of increase in Adnel and Tarbir Trojan attacks on Excel and Word users