October 16, 2013 1:39
This week, cybercriminals are using a well-known social engineering trick: fake invoices that distribute a piece of malware when employees click on them. This is especially risky because they are trying to reach employees in the finance department, who might either open the attachment themselves or get it forwarded by a co-worker who is not sure what it is and sends it to Accounting.
The emails are titled “Invoice #3404196 – Remit File” and they read something like this: “The following is issued on behalf of the Hong Kong Monetary Authority. Attached is the invoice (Invoice_3604196 (dot).zip) received from your bank. Please print this label and fill in the requested information.”
If anyone in your organization opens the attachment, a malware dropper may get downloaded, which in turn will pull down a large amount of malware that allows the bad guys to take over the whole machine. STOP - LOOK - THINK before you click, and be safe out there.