Those awfully nice people at Sage (a producer of popular accounting software) have been in touch, to let me know that I need to make a bank transfer… and the deadline is today!
Subject: RE: Invoice #3902876
Please remit BACs before 12/06/2014.
Please view complete invoice please click here
Well, I hate to be in debt and like to pay my bills on time – so let's see what happens if I click on the link.
Perhaps surprisingly, those awfully nice people at Sage have decided to use the cloud storage site Cubby (a Dropbox competitor) to host the invoice, which they have provided as a ZIP file.
Hang on a minute – wasn’t it Invoice #3902876 earlier?
Inside the ZIP archive is another file, Invoice_00739287.scr.
If your alarm bells weren’t already triggering earlier in the process then they really should be by now. .SCR in a filename stands for screensaver, and it’s just a repackaged Windows executable file.
Hopefully you all know that running executable files of suspicious origin on your PC puts you at risk.
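A mail gateway or analyst can catch this packaging without ever running the file. The following Python is an added example, not part of the original article: it lists the members of a ZIP and flags any with an executable extension such as .scr or with the "MZ" header that every Windows executable starts with. The extension list, function names and sample archive are assumptions constructed for illustration.

```python
import io
import zipfile

# Extensions Windows will execute directly; .scr is the one used on this page.
# The list is an assumption chosen for this example, not an exhaustive policy.
EXECUTABLE_EXTS = {".scr", ".exe", ".pif", ".com", ".cpl"}


def suspicious_members(zip_bytes):
    """Return [(name, reasons)] for archive members that look executable.

    Members are read in place and never extracted to disk or run.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(zip_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir():
                continue
            reasons = []
            name = info.filename.lower()
            dot = name.rfind(".")
            ext = name[dot:] if dot != -1 else ""
            if ext in EXECUTABLE_EXTS:
                reasons.append("executable extension " + ext)
            # A PE file starts with the DOS header magic "MZ", whatever it is named.
            with archive.open(info) as member:
                if member.read(2) == b"MZ":
                    reasons.append("MZ header (Windows executable)")
            if reasons:
                findings.append((info.filename, reasons))
    return findings


def build_sample_zip():
    """Constructed sample: harmless bytes, not the file from the article."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Invoice_00739287.scr", b"MZ" + b"\x00" * 62)
        archive.writestr("Invoice_renamed.pdf", b"MZ" + b"\x00" * 62)
        archive.writestr("readme.txt", b"Please remit BACs")
    return buf.getvalue()


if __name__ == "__main__":
    for name, reasons in suspicious_members(build_sample_zip()):
        print(name, "->", "; ".join(reasons))
```

The header check matters because renaming the file does not change what it is: the constructed "Invoice_renamed.pdf" entry is still flagged.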
Is it possible that those awfully nice Sage people who contacted me are actually a terribly nasty bunch of online fraudsters attempting to infect my PC with malware?
I uploaded the file to VirusTotal, which showed me just under 50% of the products in their list identifying the file as a Trojan horse, most likely designed to grant hackers remote access to your computer and allow them to steal your banking information.
Spamming out bogus invoices is a typical social engineering trick used by cybercriminals in an attempt to infect your computer and gain access to your online bank account. Often the attackers will forge an email’s header information to pretend to come from a well-known company, and hide their true identity.
With hundreds of thousands of new malicious files discovered every day – more than one every second – it’s essential to keep your wits about you, and your security software updated.