Wednesday, 22 October 2014 11:42

Unpaid Invoice Spammers' Insidious New Tactic

We have previously covered how unpaid invoice spammers target credit control failures using an archaic .arj file to spread malicious software, but a new and considerably more dangerous threat has just started to land in inboxes throughout the UK and across the globe.

This latest threat is more insidious as it uses a well-known file format to deliver a malicious payload specifically designed to steal sensitive financial data from users.

Now instead of relying on tricking users into opening a largely forgotten format, this new round of spamtastic emails carries a malformed .pdf file that, once opened, downloads a program designed to steal sensitive financial data.

This new attack is markedly more dangerous for victims as almost every computer has the ability to view the booby trapped file and unless you are using the latest version of Adobe Reader, the chances are your computer is vulnerable.

Like the previous round of emails, this new threat uses a simple subject line "Unpaid Invoice" and has a single one-line email and attachment. Again, many of these emails appear to originate from legitimate businesses but in actual fact the spammers are faking the originating email address in an attempt to fool spam filters and end users alike.

The major giveaways as far as spotting the email are the lack of identifying features such as a footer or signature and the lack of any kind of formal greeting or opening statement, coupled with basic spelling and punctuation errors.

Once the attached PDF file is opened, it tries to trigger a known bug in older versions of Adobe Reader software that essentially allows it to run like any other program on your computer. Once run, it dials up the scammers and attempts to install a particularly nasty piece of malware designed to steal usernames and passwords for a variety of financial institutions.
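The traits listed above (the "Unpaid Invoice" subject, a PDF attachment, a one-line body, no greeting and no signature) can be checked mechanically as a first-pass mail triage. The Python below is an added example, not part of the original article; the greeting and sign-off patterns, the hold threshold, the sample messages, the addresses and the file name invoice.pdf are all constructed assumptions.

```python
import re
from email import message_from_string
from email.message import EmailMessage
from email.policy import default

# Assumed patterns for a greeting and a sign-off; tune for your own mail.
GREETING = re.compile(r"^\s*(dear|hello|hi|good (morning|afternoon|evening))\b", re.I)
SIGNOFF = re.compile(r"\b(regards|sincerely|thanks|thank you|tel|phone)\b", re.I)

def triage(raw):
    """Return which traits described in the article a raw message shows."""
    msg = message_from_string(raw, policy=default)
    part = msg.get_body(preferencelist=("plain",))
    lines = [l for l in (part.get_content() if part else "").splitlines() if l.strip()]
    hits = []
    if "unpaid invoice" in (msg["Subject"] or "").lower():
        hits.append("subject")
    if any((a.get_filename() or "").lower().endswith(".pdf") for a in msg.iter_attachments()):
        hits.append("pdf_attachment")
    if len(lines) <= 1:
        hits.append("one_line_body")
    if not any(GREETING.search(l) for l in lines):
        hits.append("no_greeting")
    if not any(SIGNOFF.search(l) for l in lines):
        hits.append("no_signature")
    return hits

def hold_for_review(raw):
    # Assumed policy: a PDF attachment plus at least three other traits.
    hits = triage(raw)
    return "pdf_attachment" in hits and len(hits) >= 4

def build(subject, body):
    """Construct a sample message with a placeholder PDF attachment."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = "accounts@example.com", "user@example.org", subject
    m.set_content(body)
    m.add_attachment(b"%PDF-1.4 constructed placeholder", maintype="application",
                     subtype="pdf", filename="invoice.pdf")
    return m.as_string()

SPAM = build("Unpaid Invoice", "Please see attached invoice and pay asap")
LEGIT = build("Invoice 1042 from Example Ltd",
              "Dear Jane,\n\nPlease find attached invoice 1042, due in 30 days.\n\n"
              "Kind regards,\nSam Smith\nExample Ltd, Tel: 01234 567890")

if __name__ == "__main__":
    for name, raw in (("SPAM", SPAM), ("LEGIT", LEGIT)):
        print(name, triage(raw), hold_for_review(raw))
```

Because the sender address is faked, the check deliberately ignores the From header and relies only on the content traits; a properly written invoice with a PDF attached is not held.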

What can I do?

Users need to take basic steps to ensure that their PCs are as secure as possible in order to avoid these kinds of issues. By taking a few simple steps you can radically reduce the risk that you will fall victim to these kinds of tricks. Sensible precautionary measures include:

  • Ensuring you have antivirus software installed and that the virus definitions are kept updated
  • Ensuring you keep Adobe Reader up-to-date with the latest version available
  • Only opening attachments from sources you recognise and if necessary confirming the email is legitimate
  • Keeping your Windows installation up-to-date with the latest patches and security fixes

The above steps, whilst not guaranteed to keep you safe from the worst the internet has to offer, will radically reduce the chances that you will be caught out if you do inadvertently open a booby trapped attachment.

More credit control problems

If you are issuing your invoices by email and using .pdf files you may well find your legitimate invoices are being caught by overzealous spam filters and network blocks seeking to mitigate this new attack. That makes it even more important to carry out some basic credit control of your own to keep a healthy cash flow.

We always recommend calling your client after the invoice is sent but before the due date to confirm safe receipt. This way you can send your invoice again if it does get caught by an overzealous spam filter before your invoice is overdue.