We have previously covered how unpaid invoice spammers target credit control failures using an archaic .arj file to spread malicious software, but a new and considerably more dangerous threat has just started to land in inboxes throughout the UK and across the globe.
This latest threat is more insidious as it uses a well-known file format to deliver a malicious payload specifically designed to steal sensitive financial data from users.
Now, instead of relying on tricking users into opening a largely forgotten format, this new round of spamtastic emails carries a malformed .pdf file that, once opened, downloads a program designed to steal sensitive financial data.
This new attack is markedly more dangerous for victims as almost every computer has the ability to view the booby-trapped file and, unless you are using the latest version of Adobe Reader, the chances are your computer is vulnerable.
Like the previous round of emails, this new threat uses a simple subject line, "Unpaid Invoice", and consists of a single one-line email and an attachment. Again, many of these emails appear to originate from legitimate businesses, but in actual fact the spammers are faking the originating email address in an attempt to fool spam filters and end users alike.
The major giveaway when spotting the email is the lack of identifying features such as a footer or signature and the lack of any kind of formal greeting or opening statement, coupled with basic spelling and punctuation errors.
Once the attached pdf file is opened, it tries to trigger a known bug in older versions of Adobe Reader software that essentially allows it to run like any other program on your computer. Once run, it contacts the scammers and attempts to install a particularly nasty piece of malware designed to steal usernames and passwords for a variety of financial institutions.
What can I do?
Users need to take basic steps to ensure that their PCs are as secure as possible in order to avoid these kinds of issues. By taking a few simple steps you can radically reduce the risk that you will fall victim to these kinds of tricks. Sensible precautionary measures include:
- Ensuring you have antivirus software installed and that the virus definitions are kept updated
- Ensuring you keep Adobe Reader up-to-date with the latest version available
- Only opening attachments from sources you recognise and, if necessary, confirming the email is legitimate
- Keeping your Windows installation up-to-date with the latest patches and security fixes
The above steps, whilst not guaranteed to keep you safe from the worst the internet has to offer, will radically reduce the chances that you will be caught out if you do inadvertently open a booby-trapped attachment.
More credit control problems
If you are issuing your invoices by email and using .pdf files, you may well find your legitimate invoices are being caught by overzealous spam filters and network blocks seeking to mitigate this new attack. That makes it even more important to carry out some basic credit control of your own to keep a healthy cash flow.
We always recommend calling your client after the invoice is sent but before the due date to confirm safe receipt. This way you can send your invoice again if it does get caught by an overzealous spam filter before your invoice is overdue.