Invoice impersonation attack: if you receive this email, don’t open the link

Hackers are attempting to trick employees into downloading ransomware using a sophisticated invoice impersonation attack, according to new research from Barracuda.

The security firm’s researchers have spotted a wave of attacks in which cyber criminals send emails purportedly from a colleague demanding the payment of an invoice.

Within the body of the email is a link to the invoice payment page which, upon opening, downloads ransomware onto the victim’s computer or attempts to steal their credentials.

Lior Gavish, a researcher at Barracuda, told NS Tech that hackers are automatically mining social media sites to find names and email addresses they can impersonate.

“If the link actually gets clicked, it would typically download a doc. file (the so-called invoice), which would be an advanced threat of some type that could trigger ransomware or steal the recipients’ credentials from their browser,” he said.

Gavish added that it wasn’t yet clear how many employees had fallen for the attack, nor how much it was costing companies, but he did note that the emails had a high open rate, suggesting many targets found them convincing.

“You should always tread carefully around payment requests via email, and if there’s ever a doubt, any suspicions should be sorted out before ever acting on the request,” he said.

“Secondly, it’s important to remember that any link you click could be malicious, so if you aren’t certain that a particular link is safe — don’t click on it.”
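The pattern described above (a colleague’s name on an email that demands invoice payment via a link) can be screened for at the mail gateway or in an analyst’s triage script. The following is an added example written for this article, not Barracuda’s code or research; the staff directory, domains and sample messages are constructed placeholders.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed directory: display name (lower-cased) -> the only address it should use.
INTERNAL_STAFF = {"dana reyes": "dana.reyes@example-corp.com"}
PAYMENT_TERMS = re.compile(r"\b(invoice|payment|wire|overdue|remit|pay)\b", re.I)
URL_PATTERN = re.compile(r"https?://\S+", re.I)


def assess_invoice_email(raw: str) -> dict:
    """Flag the colleague-impersonation invoice pattern in one RFC 5322 message.

    Three signals are combined: a known colleague's display name on an address
    that is not theirs, payment/invoice language, and a link in the message.
    """
    msg = message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    expected = INTERNAL_STAFF.get(name.strip().lower())

    # Collect text from the subject and every text/plain part.
    parts = msg.walk() if msg.is_multipart() else [msg]
    text = msg.get("Subject", "")
    for part in parts:
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True) or b""
            text += "\n" + payload.decode(part.get_content_charset() or "utf-8", "replace")

    findings = []
    impersonation = bool(expected) and addr.lower() != expected
    if impersonation:
        findings.append(f"display name '{name}' used from unexpected address {addr}")
    if PAYMENT_TERMS.search(text):
        findings.append("payment/invoice language present")
    links = URL_PATTERN.findall(text)
    if links:
        findings.append(f"{len(links)} link(s) in message")

    suspicious = impersonation and bool(PAYMENT_TERMS.search(text)) and bool(links)
    return {"from_name": name, "from_addr": addr, "findings": findings, "suspicious": suspicious}


# Constructed samples: one impersonation attempt and one ordinary internal message.
SUSPICIOUS_MSG = (
    "From: Dana Reyes <dana.reyes@mail-notify.example>\n"
    "To: accounts@example-corp.com\n"
    "Subject: Invoice 4471 - payment due today\n"
    "Content-Type: text/plain; charset=\"utf-8\"\n\n"
    "Hi, please process this invoice before 5pm: http://invoice-portal.example/pay/4471\n"
)
LEGIT_MSG = (
    "From: Dana Reyes <dana.reyes@example-corp.com>\n"
    "To: accounts@example-corp.com\nSubject: Lunch\n\nAre we still on for Thursday?\n"
)
```

A match on all three signals is a reason to verify the request out of band with the named colleague before acting; a match on only one is common in legitimate mail.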

The number of ransomware attacks reported so far in 2017 has risen sharply, with attackers often using zero-day exploits against Windows computers.

The NotPetya virus that paralysed some of the world’s biggest businesses in June was named 2017’s worst ransomware attack earlier this month.

Webroot researchers said they placed the strike above WannaCry because it was engineered to unleash chaos upon critical service providers.

Ukraine’s central government and national bank were among the first organisations to be hit by the virus. It went on to strike British advertising giant WPP, French construction materials company Saint-Gobain and several other global businesses.