Money or Malware? Beware of Malicious Email

Malicious Email Keylogger

A new wave of malicious email has made its way to headlines once again. Except for this time, instead of you paying them, they say they want to pay you!

(I know I know, who doesn’t want free money?)

The promise of money comes into your email as a “remittance invoice.”

Like most invoices, this one comes in the form of a PDF. However, hidden inside is not money but the Snake keylogging virus, which logs your keystrokes to steal your passwords.

This can be nerve racking for anyone, especially if you work with sensitive information.

Watching Out For Malicious Email

Here are a few things to look out for if you think you may have received one of these fake invoices:

  • Suspicious File Name: The name of the file is “REMMITANCE INVOICE.pdf” Once opened, the user is directed to open a .docx file named “has been verified. However PDF, Jpeg, xlsx, .docx.” The file name makes it appear that Adobe has verified the file and deemed it safe. You should be very concerned if you see this dialog box when you try to open the file:

  • Suspicious email subject: Another indicator that you may have received a spam email is the term “Remittance Invoice.” If this isn’t a common subject for an invoice you typically receive, it’s more than likely malicious.
  • Un-Trusted Sender: If the sender isn’t a familiar contact, chances are it’s not a legitimate invoice and should be reported to your IT department.

Other Ways to Spot a Malicious Email

Fortunately, detecting phishing attempts is relatively easy once you’re aware of the signs. Here’s what you should do if you receive a suspicious or abnormal email:

  1. Verify the sender
  2. Check for spelling and grammatical errors
  3. Hover over the links and check the web destination
  4. Check the attachment’s file extensions

1. Verify the Sender

Email scammers are able to disguise their strange email address with a normal “sender” name. The sender names appear in bold in your inbox. To verify the sender’s actual address, open the email and look next to the sender’s name.

It looks like this: Sender’s Name <[email protected]>. Read the address closely and literally mind your p’s and q’s. For example, google.com and gooqle.com look very similar at a glance. A hacker may change an address by just one letter.

2. Check For Spelling and Grammatical Errors

Phishing scams can originate from non-English speaking areas. If you get an email and it sounds like broken English, there is a high potential for phishing. The same goes for spelling mistakes. The chances of your bank or the IRS sending you an email with a typo are very small.

3. Hover Over the Links and Check the Web Destination

Before you click anything in an email, move your mouse over the link. Look at the bottom-left corner of your browser window. You will see the web address the link will take you to. Read it very carefully to ensure it’s a site you trust.

4. Check the Attachment’s File Extensions

File extensions are the few characters you see at the end of a digital file. Common ones include .png, .pdf, .docx, and .mp3. The one you need to watch for is .exe. These files contain “executable programs” with the ability to infect your system with malware and other computer viruses.

Need Help Keeping Your Business Safe From Malicious Email Schemes?

If you need assistance installing antivirus software or training your team to spot dangerous malicious email, contact us at [email protected] We offer a free consultation for managed IT and cybersecurity services.