One of Australia’s top online security companies is warning of an ingenious new scam that comes in the form of a receipt.
MailGuard, which detects online fraud attempts on behalf of companies and claims to be often ahead of larger virus-protector companies in uncovering new scams, said the newest attempt to defraud web users only emerged today.
Fraudsters are bulk-emailing a fake receipt or invoice that appears to come from the legitimate Australia-based site called eway-com.au. Eway is an online payment system provider that’s used by more than 25,000 Australian retailers, including the New South Wales road toll system.
The emails tell the recipient that their purchase has been approved and that the new products will be delivered to the address provided in an attached email.
But the Word document attached to the email is not a genuine invoice; it’s a ‘malware downloader’. As soon as you open the attachment and select ‘enable editing’ as the email instructs, the scammers are given access to your computer and can potentially install malware files such as Trojans or keyloggers.
“A keylogger is a form of spyware that can collect and record your keystrokes. It can see what you write in an email, what password you enter on a banking website, or any other information you provide online,” MailGuard CEO Craig McDonald says. “Trojans sit quietly in the background, taking actions not authorised by the user, such as modifying, stealing, copying or even deleting data.”
It may take a PC user months to notice that this type of malware has been installed on their computer, giving scammers ample time to empty their bank account, McDonald adds.
He says there are a few signs to look out for when trying to identify whether an email is from a legitimate source.
“Strange grammar choices and the liberal use of exclamation marks and capital letters in the subject line – ‘Receipt of APPROVED order!!!’ – are good indications that it’s not the work of a reputable brand,” the fraud expert says. “The sender address – informdesk@estoreway.info – is another red flag for anyone savvy enough to Google the real domain name of eWAY.
“For those unlucky enough to have clicked the dodgy attachment, the subsequent instructions showing recipients how to ‘enable editing’ should ring alarm bells. This effectively gives cybercriminals the right to access your computer.”
MailGuard offered some examples (below) of what the fake emails look like.
Eway did not immediately respond to Starts at 60’s request for comment.