Language:
SEARCH
  • Recent Posts

  • Categories

  • Archives

PHISHING: “Invoice” from a colleague

Today’s phishing attack takes the form of an invoice apparently sent by a “colleague”. Because this comes from a “Doctor” and the e-mail message tone is not formally worded, it can often be misconstrued as legitimate and can be trusted.

This is a common phishing scam. The attachment is a fake invoice that, when opened, will infect your computer with malware, which gives the criminals access to your personal information, but primarily to steal online banking details.

Some departments within the university are particularly vulnerable because they may receive invoices regularly from a number of sources.

The email may appear as if it was sent by a well-known supplier or other trusted source. (in this case a so-called “Doctor” with a uniquely South African surname) Often the email address of a legitimate supplier or a colleague or friend will be mimicked or “spoofed” in a bid to trick you into thinking the invoice is genuine.

The attached invoice will look like a standard document or spreadsheet, however, to view the file you must enable a “macro”, which is a set of pre-programmed instructions for a computer. This macro installs the malware, which can infect the university network.

In the case below, you are directed to a website which tries to open up an infected “Word” document that records your online banking details, along with other financial information, before sending it on to the criminals who then attempt to steal money from your accounts.


 

—–Original Message—–

From: Cornelissen

Sent: 18 September 2017 03:56 PM

To: University Address <Your e-mail address>

Subject: Invoice #66633 (This number random and will change)

 

Hello,

I’ve tried to call you but couldn’t get thought. Need to know the status of this invoice I’ve sent to you a while ago. provided a copy below.

Invoice #66633:

Phishing site address

(Your name will go here)

Kind Regards,

Cornelissen, LM, Dr


 

Here are some handy tips to detect and deal with this “fake invoice” phishing scam.

  • Be on the lookout for unexpected invoices or unusual payment requests.
  • Avoid enabling any macros on an untrusted document.
  • If you’re suspicious – don’t reply to the email but instead call your supplier on the number that you have on file to check the authenticity of the invoice.
  • Ensure you have the latest anti-virus and security updates installed on your computer and consider using high-level macro security settings in software applications.
  • Ensure strong firewalls are in place to help detect malware and prevent data leaving the network without permission.
  • Consider using a separate computer dedicated to making online payments to minimise security risks, especially if you use personal Facebook or other social media sites.

 

 

If you have received mail that looks like this please immediately report it to the Information Technology Security Team using the following method:

Send the spam/phishing mail to help@sun.ac.za

 Attach the phishing or suspicious mail on to the message if possible. There is a good tutorial on how to do this at the following link (Which is safe) : http://stbsp01.stb.sun.ac.za/innov/it/it-help/Wiki%20Pages/Spam%20sysadmin%20Eng.aspx

1. Start up a new mail addressed to help@sun.ac.za)

2. Use the Title “SPAM” (without quotes) in the Subject.

3. With this New Mail window open, drag the suspicious spam/phishing mail from your Inbox into the New Mail Window. It will attach the mail as an enclosure and a small icon with a light yellow envelope will appear in the attachments section of the New Mail.

4. Send the mail.

If you did click on the link of this phishing spam and unwittingly give the scammers your username, e-mail address and password you should immediately go to http://www.sun.ac.za/useradm and change the passwords on ALL your university accounts (making sure the new password is completely different, and is a strong password that will not be easily guessed.) as well as changing the passwords on your social media and private e-mail accounts (especially if you use the same passwords on these accounts.)

[ARTICLE BY DAVID WILES]

Tags:

Comments are closed.

 

© 2013-2024 Disclaimer: The views and opinions expressed in this page are strictly those of the page author(s) and content contributor(s). The contents of this page have not been reviewed or approved by Stellenbosch University.