New Russian Invoice Scam Targets Businesses

Mailguard is reporting a new phishing scam that uses the old “here is an invoice for you to review” or “here is a purchase order for you to review”.

A screenshot of one of the emails is shown below.


In both cases, the malware takes advantage of a vulnerability in Word that has been patched, but the patch may not be installed.

The malware operates with the same rights that the user has, so if the user is an admin, so will the malware be.

Mailguard says that only 5 of 60 “traditional” Anti Virus vendors detected this and of course, all the authors need to do is change the encryption key for the malware and signature based (traditional) anti virus products would be blind to it again.

This is a great teaching moment for companies.

ANY email like this needs to be scrutinized VERY closely.  If your people are not expecting an invoice or PO from that sender or don’t normally see POs or invoices, then they should contact IT and not open the attachment.

In addition, people can call the sender and verbally confirm the contents of the email.  DO NOT USE EMAIL TO VERIFY EMAIL -It is possible that email on one end or the other or both may be compromised.

Finally, companies should consider creating a secure portal for vendors to submit files.  The portal would have to be hacked in order for an attacker to spoof a legitimate user unlike email which has no security in it.  While not perfect, it is significantly better than the non-security of email.

Information and the screenshot for this post came from Mailguard.

Leave a Reply

Your email address will not be published.