July 26, 2018

You DO NOT Owe for an Overdue Invoice

Billing Scams are a Common Form of Spear Phishing

Do NOT Click Through or Open the Attached File




It's time to take a look at a few of the e-mail scams that have been filling inboxes recently. Some of these were sent to me personally; others were forwarded to me by some of my customers, who wanted to know if they were legitimate or not.  These e-mails are cut and pasted from the originals. In any case an e-mail contains an inline URL, I have changed that URL so it will NOT "work" if you click on it by mistake.  I have NOT stripped out links completely, so that readers may use the "hover trick" to see that the links, in fact, do NOT lead to where you'd expect. (Remember, you can hover your mouse over ANY link, and a program will show its true destination in either the status bar or in a pop-up tooltip.)

You DO NOT Owe for an Outstanding Invoice from a Company Whose Name You Do Not Recognize


This spear-fishing e-mail claims you owe money, and tells you to click a link to settle your bill.  Clicking on the link will take you to a site where they will trick you into disclosing personal info, and most likely will plant malware on your system while doing so.


--------------------------------------------------------------------
From: "Baseline Creative, Inc."
Sent: Thursday, July 12, 2018 8:34:59 AM
Subject: Reminder for unpaid Invoice from Baseline Creative, Inc.

overdue reminder from Baseline Creative, Inc..

 Invoice No: 85435
Balance Due: USD 211.42
Due on: May 29. 2018 (99 day(s) overdue)

This invoice is showing open in our system. Please contact us if this is incorrect.

A transaction ID, check number or date of payment is appreciated to help match this invoice.
-----------------------------------------------------------------------------
If you hover over the link, you'll see it does NOT go to baseline creative. (Text in all caps has been added to ensure the link does not work.)  NOTE: The formatting issues are contained within the code for the e-mail. Bad code is always another sign something is bad, along with spelling and grammar errors.

You Likewise DO NOT Owe Intuit Anything


A similar phishing scam promises you'll reach an invoice if you click on the link.  It claims to be auto-generated by a Quickbooks account.

-------------------------

Stop waiting weeks for checks to arrive.

Hello,
 This alert has been mailed to you by Intuit Inc. Make sure you click on the link down below to view detailed information.

Invoice ID: INV0534691 has been settled and readily available for download.
See details
We value your business with us and thank you for using Intuit.
We're here to help..
Call 800-267-3519
Tutorials
Talk to a Pro
------------------
This is a completely bogus invoice. The only people who auto-generated this were the virus writers.

You Do NOT Have a Package Coming


This e-mail is supposedly from DHL. It tells you that you have a package on the way, and need to click a link to view an invoice.





If you look at the screenshot, you will see it contains official looking graphics.  However, if you hover over the text cut and pasted below, you will see the link does NOT lead to DHL:

-------------
Dear Customer,



You have a package coming.
This email was sent to you at the request of Qvc inc to notify you that the package has
been sent to our warehouse. To validate the actual transit status of a shipment, click here to viewan invoice.

OUR COMPANY IS HERE FOR YOU
Thanks for choosing DHL We look forward to providing you best possible service and fast at the best possible price. Have questions? We offer you a choice in contacting Customer Service:

For online Customer Service, click here.
-------------------------------

If you hover over the "click here" link, you can see it does NOT go to DHL, but rather to an unknown domain. (Again, I have added text in all caps to ensure you do not click through to a bad domain by mistake.)  However, this scammer is clever; the Customer Service link actually takes you to a legitimate DHL domain. This is a reminder that you need to hover over ALL links in an e-mail to ensure they belong to the correct domain. This scammer hopes the legitimate DHL links will trick you into thinking the bad ones are legitimate too.


Online Invoice Notices Are Also Most Likely Scams

The screenshot below shows another frequent scam: an invoice for a bill you do not owe from Online Invoices. These often claim to be invoices for Ebay purchases, Etsy purchases, or other online marketplace type purchases.



The text from this e-mail is cut and pasted below. Again, I have added all caps text to the actual link to shield readers from harm.

---------------------------
Invoice Notice

Good Day,

The following payment notice was sent to you by OnlineInvoices on behalf of NCO Credit Services. Click the link below to find your details





SeeYour Invoice Here




$1,170.00
#14125537834




About OnlineInvoices |  Support |  Terms & Conditions |  Privacy Policy  

----------------------

Again, Online Invoices is a legitimate web service. This looks like a legitimate e-mail. The links in the footer actually lead to the Online Invoices dot com website. But the link to "See your invoice" leads to a scammer's site.  The scammers know you are probably not going to pay a bill that large that you do not remember owing. However, they do hope they can get you to click through the link, so that they can plant malware on your system. They hope you'll be dumb enough to give them payment information, so that they can use that information to buy untraceable gift cards or cryptocurrency with your financial information.

What Do These E-Mails Have in Common?


Today, we looked at four examples of Invoice Spam.  All four target a user's forgetfulness. All hope you will be dumb enough to investigate an invoice for a debt you do not owe.  If you actually forward payment, that is icing on the cake to these scammers.  Really, if you have a "What is this?" type reaction, and you click through any of the links, the sender has met a goal. In many cases, merely clicking through is enough to jeopardize your computer's safety, or that of your mobile device. It does not matter what device you use to click through to the link, that device will most likely be infected with malware as a result.

Many times, if you click through, you will be presented with some sort of form. It may be a log-in form, designed to steal your log-in credentials, or it may be a billing or payment form, designed to steal your financial information. They may go even further and phish for the information they need to steal your identity.  If you actually make a payment towards that invoice you do not owe, they WILL compromise that payment method. If you use a debit card, they will use it to clean out the attached account. 

Remember, the scammers steal graphics and even e-mail templates from companies to try to make their own scams look legit. Just because something looks official, it does not mean it is. Even valid links contained in the body of an e-mail are not enough to ensure the whole thing is "real." The most IMPORTANT link to examine is always the one the mailer wants you to click. If that link looks at all wonky, do not click through.

What Should I Do When I Get These E-Mails?


Do not engage the scammers in any way. Do not try to reply to the e-mails to see how long you can string a Bad Guy along. Many of these scammers are now trying to take revenge against folks who waste their time by doxxing them or by trolling them on social media and across the web.  Engaging the e-mailer in any way just validates that your e-mail belongs to someone who reads and responds. By responding, you've actually made you e-mail more valuable to a Dark Web buyer.

If one of these types of mail lands in your Inbox, mark it as spam to help train your e-mail program to reject further such attempts to phish you.  Then delete it and move on. If you see one of these while cleaning out your junk folder, trust your e-mail program and be glad it is doing its job.

Have you received any of these types of e-mails? Have any fooled you or almost fooled you? Let us know in the comments. And as always, thanks for reading.




1 comment:

  1. Thanks for post this awesome!. I'm a long time reader but ive never
    commented till now.

    Thanks again for the awesome post.

    ReplyDelete

Thank you for contributing to the discussion! Your feedback is valued! (Unless you are a sunglasses or work at home spammer, in which case, your comment will be promptly deleted. :D) The Mods are reviewing it, to keep those types away! ;)