This week’s scam post is a bit of a cheeky one. It arrived in my inbox and I admit it had me scratching my head. No branding, no urgency to click a link or lose out on money. Was it a scam or sent to me by mistake?
Sometimes it’s the quiet ones that are the most dangerous…
And, as you’ll see, this one is particularly interesting to know about if you work in the finance department, so hunker down.
The Email Scam Details
The email itself was a little different to many of the typical email scams we have been discussing over the last few months. Unlike the BT or the British Gas scam emails, this email had no branding. However, that was part of its nefarious charm.
After some thought and discussion amongst The Defence Works’ team, this scam looks like it is aimed at employees working in the accounts payable/finance department, the email title being “Payment”. The email contained two worrying items:
- An image of an expense receipt. The image was just out of focus, thereby encouraging the recipient to click to view a larger version. The image, however, contained a clickable link. The URL that the link went to was shown to be blacklisted and a critical security risk when put through an analyser (see below).
- An attachment. The jpg file attached likely contained malware. Files like this may be masquerading as a jpg image. If opened, they run like an executable and install malware. Sometimes, jpg images are used as part of a kind of malware jigsaw puzzle, the image containing code that then runs another malware executable. Having a jigsaw-like structure can help malware to evade detection. A variant of the Zeus banking trojan infected computers using a jpg image in an email.
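A first-pass mail-triage check for the two items above, as an added example that is not part of the original post: it flags an image wrapped in a link and any attachment named .jpg whose bytes do not start with the JPEG signature. The sample message, URL and file names are constructed for illustration.

```python
import re
from email.message import EmailMessage

JPEG_MAGIC = b"\xff\xd8\xff"  # start-of-image marker of a genuine JPEG
# An <img> wrapped in <a href=...>, like the blurred receipt image
LINKED_IMG = re.compile(r'<a\b[^>]*\bhref="([^"]+)"[^>]*>\s*<img\b', re.I)

def triage(msg):
    """Return (finding, detail) tuples for one parsed email message."""
    findings = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        name = part.get_filename()
        if name is None:
            # Body part: look for clickable images in the HTML alternative
            if part.get_content_type() == "text/html":
                for url in LINKED_IMG.findall(part.get_content()):
                    findings.append(("linked-image", url))
            continue
        # Attachment: compare the claimed extension with the real content
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith((".jpg", ".jpeg")) and not data.startswith(JPEG_MAGIC):
            findings.append(("not-a-jpeg", name))
    return findings

def build_sample():
    """Constructed message shaped like the 'Payment' email described above."""
    msg = EmailMessage()
    msg["Subject"] = "Payment"
    msg.set_content("Receipt attached.")
    msg.add_alternative(
        '<a href="http://blocked.example/r"><img src="cid:r1" alt="receipt"></a>',
        subtype="html")
    # Constructed bytes: 'MZ' is how a Windows executable starts, not a JPEG
    msg.add_attachment(b"MZ\x90\x00" + b"\x00" * 16, maintype="image",
                       subtype="jpeg", filename="receipt.jpg")
    # Constructed bytes: a genuine JPEG/JFIF header, which should pass
    msg.add_attachment(JPEG_MAGIC + b"\xe0\x00\x10JFIF\x00", maintype="image",
                       subtype="jpeg", filename="logo.jpg")
    return msg

if __name__ == "__main__":
    for finding, detail in triage(build_sample()):
        print(finding, detail)
```

A file that passes the header check can still carry embedded code, as in the jigsaw case described above, so treat this as a first-pass filter rather than a verdict.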
The Clever Phisher
This receipt scam is a clever phishing email: it seems to be targeting busy finance department employees. If it landed in the inbox of a company that processes thousands of expense receipts, it could easily trick the recipient into either clicking on the receipt image or opening the attachment.
Scammers are always trying out new ways of getting past your guard. Phishing emails come in many flavours and this one is one of the blandest, without any pretension to spoof a well-known brand. This also makes it one of the most dangerous. If it hits the right person, it only needs one click and the potential for malware infection is high.
To keep your company cyber-safe, you have to be vigilant about the ever-changing ways of the scammer. The cybercriminal is watching us as much as we watch them. They know that security awareness training is working so they will modify their methods – keeping on top of cybersecurity threats and scams is vital.
Why not help your colleagues stay safe and send them this little reminder? Feel free to edit, copy/paste the advice below:
The Receipt Image Scam
Anyone working in the finance department, beware: a scam email is targeting you!
An email containing what seems to be an image of a receipt and an image attachment may land in your inbox. Be very cautious about clicking on the image of the receipt or opening the attachment. This is a phishing email and will likely infect your machine with malware.
If you receive an email like this or something similar – DO NOT click on links or images and don’t download any attachments!