'Invoices Copies Are Not Clear' Scam Pushes Malicious Attachments

A new scam is distributed through spam email campaigns. This time the campaign focuses on businesses and tries to bait employees into opening malicious attachments posing as invoices.

The scam is very simple in nature. The victim receives an email containing several Office documents attached in it. The email text reads as follows:

Goodday dear,

Please note that the attached invoices copies are not clear, We will not be able to pay them.

We do not want the issue of money being returned and we will not be responsible for the extra bank charges.

Kindly respond so we make payment before the holiday

Waiting for your soonest reply!

Thanks & best regards
Wendy Wei
Account Supervisor

Open Payments Europe AB
c/o WeWork
Malmskillnadsgatan 32
111 51 Stockholm, Sweden
Website: hxxps://openpayments.io


The victim is supposed to get scared about potential issues with pending invoices and open the malicious attachments. The Office documents will ask the user to allow macro execution. If this access is granted, the malicious macros in the document can grab any potential malicious payload off a remote website.

Always be very careful with unsolicited emails and scan emails for suspicious red flags, for example - the bad English and grammar used in this particular scam.

November 18, 2022