Fake 'Simply Carpets' Invoice Email Carries Malware
Outline
Email that appears to come from a business called 'Simply Carpets of Keynsham Ltd' claims that you can view an invoice by opening an attached file. The message asks that you 'remit payment at your earliest convenience'.
Brief Analysis
Simply Carpets of Keynsham is a real business, but the invoices sent in its name are not genuine. The attached file contains a malicious macro. The business notes via Twitter that its email systems were compromised. If you receive one of these emails, do not open any attachments that it contains.
Subject: Invoice from simply carpets of Keynsham Ltd
Your invoice is attached. Please remit payment at your earliest convenience.
Thank you for your business - we appreciate it very much.
'Simply Carpets' Email Claims you can View Invoice in Attachment
The email requests that you pay the invoice 'at your earliest convenience'.
Invoice is Fake - Attachment Contains a Malicious Word Macro
The owner of the business has posted warnings on his Twitter account noting that the Simply Carpets email account was hacked and used to send out the scam messages.
If you open the attached Word document, you will receive a popup message asking if you wish to enable macros, supposedly to allow the document's contents to be viewed.
However, if you do enable macros (or if macros have been enabled previously), a malicious macro may then download and install a trojan. The trojan may then download and install further malware.
This attack is very similar to another recent malware campaign in which fake invoice emails claimed to be from UK Fuels.
Macro Threats Increasingly Common
However, macros can also be used with malicious intent. Going back a number of years, macro virus threats were actually quite common, and most users would have been aware of them. Because later versions of Microsoft Office disabled macros by default, the threat became less prevalent.
But criminals have now resurrected the practice. They know that, because users are familiar with and trust Microsoft Word .doc files, those users may be more likely to open them and enable macros as requested.
Unless you have a specific need for macros, it is wise to leave them disabled. Be very cautious of any message that claims that you must enable macros to view a document.
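A defensive check for the kind of attachment described above, as an added example that is not part of the original article: it flags Word files that carry a VBA macro project before anyone opens them. The file names and sample bytes are constructed for illustration, and the legacy .doc test is a byte-search heuristic, not a full parser.

```python
import io
import zipfile

OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"  # legacy .doc/.xls container
# OLE directory entry names are UTF-16LE; a VBA project includes this stream.
VBA_STREAM_UTF16 = "_VBA_PROJECT".encode("utf-16-le")


def attachment_has_macros(data: bytes) -> str:
    """Return 'macros', 'no-macros' or 'not-office' for raw attachment bytes."""
    if data.startswith(OLE_MAGIC):
        # Heuristic: look for the VBA stream name anywhere in the container.
        return "macros" if VBA_STREAM_UTF16 in data else "no-macros"
    if data.startswith(b"PK"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = [n.lower() for n in zf.namelist()]
        except zipfile.BadZipFile:
            return "not-office"
        if "[content_types].xml" not in names:
            return "not-office"
        # OOXML files (.docm, or one renamed to .docx) keep VBA in vbaProject.bin.
        has_vba = any(n.endswith("vbaproject.bin") for n in names)
        return "macros" if has_vba else "no-macros"
    return "not-office"


def _make_ooxml(with_vba: bool) -> bytes:
    """Build a minimal constructed OOXML container in memory."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", b"\x00")
    return buf.getvalue()


# Constructed sample attachments (not real documents or real malware).
SAMPLES = {
    "invoice.doc": OLE_MAGIC + b"\x00" * 64 + VBA_STREAM_UTF16,
    "letter.doc": OLE_MAGIC + b"\x00" * 64,
    "invoice.docm": _make_ooxml(True),
    "report.docx": _make_ooxml(False),
    "notes.txt": b"plain text",
}

if __name__ == "__main__":
    for name, blob in SAMPLES.items():
        print(f"{name}: {attachment_has_macros(blob)}")
```

A 'macros' result on an unexpected invoice is a reason to quarantine the message, not proof of malice, since legitimate documents can also contain macros.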
Last updated: January 13, 2015
First published: January 13, 2015
By Brett M. Christensen