Wednesday, 22 October 2014 11:42

Unpaid Invoice Spammers Insidious New Tactic

We have previously covered how unpaid invoice spammers target credit control failures using an archaic .arj file to spread malicious software, but a new and considerably more dangerous threat has just started to land in inboxes throughout the UK and across the globe.

This latests threat is more insidious as it uses a well known file format to deliver a malicious payload specifically designed to steal sensitive financial data from users.

Now instead of relying on tricking users to open a largely forgotten format, this new round of spamtastic emails carries a malformed .pdf file that once open, downloads a program designed to steal sensitive financial data. 

This new attack is markedly more dangerous for victims as almost every computer has the ability to view the booby trapped file and unless you are using the latest version of Adobe Reader, the chances are your computer is vulnerable.Like the previous round of emails, this new threat uses a simple subject line "Unpaid Invoice" and has a single one line email and attachment.  Again, many of these emails appear to originate from legitimate businesses but in actual fact the spammers are faking the originating email address in an attempt to fool spam filters and end users alike.

The major give away as far as spotting the email are the lack of identifying features such as a footer or signature, the lack of any kind of formal greeting or opening statement coupled with basic spelling and punctuation errors.

Once the attached pdf file is opened it tries to trigger a known bug in older versions of Adobe Reader software, that essentially allows it to run like any other program on your computer.  Once run it dials up the scammers and attempts to install a particularly nasty piece of malware designed to steal usernames and passwords for a variety of financial institutions.

Content continues below

Small Business Commissioner: I’d Sort Unpaid Invoices Myself

The Government’s flagship initiative for helping small businesses when they face unpaid invoices has been dealt something of a PR blow - by the man they appointed to lead the scheme. Speaking to The…

The Safe Collections Credit Control Guide

Cash flow is king. Profit is sanity. Turnover is vanity. Cash flow is the lifeblood of every business and ensuring it flows freely is essential. Read a sample of our free guide to credit control…

Insolvency Domino Effect Strikes Down One in Four UK Companies

More than a quarter of UK businesses have suffered negative consequences from another company becoming insolvent in the past six months. A survey carried out by R3 revealed that one in 10 businesses…

Pay promptly for Small Business Saturday

This Saturday December 6th is Small Business Saturday, an annual initiative to support small businesses throughout the UK, and it's not just about visiting your local independent gift shop. Much of…

What can I do?

Users need to take basic steps to ensure that their PCs are as secure as possible in order to avoid these kinds of issues, by taking a few simple steps you can radically reduce the risk that you will fall victim to these kinds of tricks.  Sensible precautionary measures include:

  • Ensuring you have antivirus software installed and that the virus definitions are kept updated
  • Ensuring you keep Adobe Reader up-to-date with the latest version available
  • Only opening attachments from sources you recognise and if necessary confirming the email is legitimate
  • Keeping your Windows installation up-to-date with the latest patches and security fixes

The above steps, whilst not guaranteed to keep you safe from the worst the internet has to offer, will radically reduce the chances that you will be caught out if you do inadvertently open a booby trapped attachment.

More credit control problems

If you are issuing your invoices by email and using .pdf files you may well find your legitimate invoices are being caught by overzealous spam filters and network blocks seeking to mitigate this new attack.  That makes it even more important to carry out some basic credit control of your own to keep a healthy cash flow. 

We always recommend calling your client after the invoice is sent but before due date to confirm safe receipt, this way you can send your invoice again if it does get caught by an overzealous spam filter before your invoice is overdue.

Over 150 Years Of Industry Experience

Our modest but highly skilled team has a combined total of over 150 years of experience in commercial credit management and B2B debt collection. From independent IT contractors to major film and TV publishers, Safe Collections has the knowledge and experience you need to get paid quickly and cost effectively.

8:00 - 20:00

8:00 - 20:00

Our Opening Hours Mon. - Fri.

+44 (0) 1772 454505

+44 (0) 1772 454505

Got questions? Call us today. No hard sell, guaranteeed. 

© 2017 Safe Collections is a trading name of Safe Collections Limited. Company Number: 01815264. VAT Number: GB407358159. All Rights Reserved.