This week, CyberNasties are using a well-known social engineering trick: fake invoices that distribute a piece of malware when company employees click on them. This is especially nasty because they are trying to reach employees who work in company finance departments. They are hoping the employees either open the attachment themselves, or get it forwarded by a co-worker who is not sure what it is and so sends it to Accounting.
The emails are titled “Invoice #3404196 – Remit File”. They contain the following (or something similar): “The following is issued on the behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196 (dot).zip) received from your bank. Please print this label and fill in the requested information.”
If anyone in your organization opens the attachment, a malware dropper may get downloaded, which will pull down a large amount of malware that allows the CyberNasties to take over the whole machine.
The Moral of the Story: STOP – LOOK – THINK before you click.
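For mail administrators, the subject line and attachment name quoted above can be checked at the gateway. The sketch below is an added example, not part of the original post: the function names, reason codes and sample addresses are hypothetical, and it assumes the "(dot)" in the quoted file name stands for a plain ".".

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage

# Subject shape quoted in the post; accept hyphen, en dash or em dash.
SUBJECT_RE = re.compile(r"Invoice\s*#\s*(\d+)\s*[-\u2013\u2014]\s*Remit File", re.I)
# Assumption: the post's "(dot)" is a defanged ".", so the file is Invoice_<digits>.zip
ATTACH_RE = re.compile(r"Invoice_(\d+)\s*\.zip$", re.I)

def check_message(raw: bytes) -> list:
    """Return reason codes (hypothetical names) for a message resembling the lure."""
    msg = message_from_bytes(raw, policy=policy.default)
    subj_nums, att_nums = set(), set()
    # walk() also descends into forwarded mail attached as message/rfc822,
    # the "co-worker sends it to Accounting" path described in the post.
    for part in msg.walk():
        s = SUBJECT_RE.search(str(part["Subject"] or ""))
        if s:
            subj_nums.add(s.group(1))
        a = ATTACH_RE.search(part.get_filename() or "")
        if a:
            att_nums.add(a.group(1))
    reasons = []
    if subj_nums:
        reasons.append("subject")
    if att_nums:
        reasons.append("zip")
    # Extra signal (assumption): numbers differ, as they do in the quoted email.
    if subj_nums and att_nums and subj_nums.isdisjoint(att_nums):
        reasons.append("mismatch")
    return reasons

def build_sample(subject: str, filename: str) -> EmailMessage:
    """Constructed test message; addresses and payload bytes are placeholders."""
    m = EmailMessage()
    m["From"] = "billing@example.invalid"
    m["To"] = "accounting@example.invalid"
    m["Subject"] = subject
    m.set_content("Attached is the invoice received from your bank.")
    m.add_attachment(b"PK\x05\x06" + b"\x00" * 18, maintype="application",
                     subtype="zip", filename=filename)
    return m

if __name__ == "__main__":
    lure = build_sample("Invoice #3404196 \u2013 Remit File", "Invoice_3604196.zip")
    print(check_message(lure.as_bytes()))
```

Because the post says the wording may vary ("or something similar"), treat a match as a reason to quarantine for review, not as the only filter.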