August 2016 – The latest round of spam emails invite the reader to view an invoice that is attached to the email.

What I find alarming is the spammer has managed to send these spam emails to email addresses which are not in the public domain.

They are email addresses we setup for specific use, often with a single company. Put simply, they are forwarders.

• companyname@mydomain.com – (redirects to our main mailbox)

Which basically means, our forwarder security has been compromised. There is no way that a spammer could have discovered these addresses in the public domain.

Typical Spam Email

Here are 4 that arrived in at the same time.

Hello XXX,
You will see your invoice (ID. 4375900 – 2802.74 AUD) included to this notification. We respectfully request you to remit payment at your earliest , be informed that the due date is 10 days from today’s date.
In case you have already processed this payment, we kindly ask you to ignore this email. Should you have further questions, connect with us at (07) 30690107.
Best Regards,
Graeme Dossetor
Andrews Insurance Services P/L
(08) 87926423

Dear update
We are thankful for doing business with us. You are receiving this email to inform you that your invoice ( 913306) for A$2,347.52 is 8 days past payment day.
For details, check the enclosed document.
Thank you,
Samantha Pillay
Suplest Australia Pty Ltd | Knight Composites Australasia Pty Ltd
(02) 47505232

Dear mel,
Please find your invoice (ref. 5560233 – 2,805.84 $) enclosed below. Please send funds at your earliest chance, just be advised that the due date is ten days from the day of this email.
If you have already sent this payment, we kindly ask you to ignore this letter. Shall you have further questions, connect with us at (02) 42553934.
Thanks for being with us!
Gall, Allan
Corsair Boats
(08) 20654950

Dear tv
We are thankful for your business. You are receiving this notification to let you know that your account (ref: 574704) for A$1224.61 is 8 days overdue.
To view information, see the enclosed sheet.
Thanks so much,
Adrian Wignall
Lakeside Tattoos
(03) 09661374

Attachment

Invariably its a .DOC file that won’t open, some contain viruses, some AVG does not like.

Now heres the catch… if you run a virus checker over the attachment, it will reprt it is OKL, but when you then try and open the file is when the trouble starts. You can see the message (thumbnail) which reports that WORD has encountered an issue and to click OK.  Thats when the fun begins.  Clicking OK starts a download program that will infect your PC.

Do NOT try and open it or click OK

What Next?

Delete It

Delete the spam email and attachment.

• Set-up a message rule
• Block it
• Mark As SPAM
• Blow it up

Good luck!